Snort mailing list archives
Re: Snort-Swatch
From: Sir Fenix <claudus () alestraidc net mx>
Date: Thu, 25 Sep 2003 12:17:09 -0500
I'm using swatch to send alerts via email. To solve this problem I made a script, maybe pretty simple, but it works. It is similar to this:
You have to configure snort to log to syslog.

#!/bin/sh
MAIL="dir1 () mail net mx dir2 () mail com"
MESSAGE=$(tail -n 1 /var/log/messages)
echo -e "$MESSAGE \n\nAcceso a la consola del Snort interno: http://10.20.100.41/" | mail -s "Se Registra Alerta Prioridad 1" $MAIL -- -F "SNORT INTERNO"

Keaton, Lindamaria wrote:
I'm having a difficult time installing logsurfer-1.5b. I just used the following command:

./configure --prefix=/usr/local --with-etcdir=/etc

OK, it looks like it's installing just fine. But when I go look for the logsurfer.conf file in /usr/local/etc or in /etc, it's not there. Any ideas?

-----Original Message-----
From: Edin Dizdarevic [mailto:edin.dizdarevic () interActive-Systems de]
Sent: Tuesday, September 23, 2003 12:46 PM
To: Keaton, Lindamaria
Cc: jon baer; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Snort-Swatch

Hi,

If you were using logsurfer I could drop you some appropriate configuration rules. Do you have to use Swatch?

Regards,
Edin

Keaton, Lindamaria wrote:

/usr/bin/local/snort -c /etc/snort/snort.conf [...]

Is anyone using swatch to email alerts? If so, can someone tell me how to configure swatch to send the entire content of an alert? Right now I'm getting alerts sent, but this is all I'm getting in the body of the email:

TCP TTL:64 TOS:0x0 ID:33690 IpLen:20 DgmLen:1500 DF

I would like to see source, destination, time, and what the actual alert is. Anyone have any ideas?
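
The request in the quoted question (time, source, destination and the alert itself in the mail body) can be met by parsing the one-line alert that Snort writes to syslog. The script below is an added example, not code from any poster in this thread: it takes the matched log line as input rather than the last line of /var/log/messages, so an unrelated line logged in between cannot be mailed by mistake. The syslog alert layout in the comment, the function names `format_alert` and `mail_alert`, and the sample line are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread). Assumed Snort syslog alert layout:
#   <time> <host> snort: [gid:sid:rev] <msg> [Classification: c] [Priority: n]: {PROTO} src -> dst

# format_alert LINE: print time, alert, priority, source and destination,
# or return 1 if LINE is not a well-formed Snort alert.
format_alert() {
    line=$1
    case $line in
        *snort*": ["*"] "*" [Priority: "*"]: {"*"} "*" -> "*) ;;
        *) return 1 ;;
    esac
    # The syslog timestamp is the first 15 characters ("Sep 25 12:17:09").
    when=${line%"${line#???????????????}"}
    rest=${line#*snort*: \[*\] }      # drop everything through "[gid:sid:rev] "
    alert=${rest%% \[Priority: *}     # rule message plus classification
    prio=${rest#*\[Priority: }
    prio=${prio%%\]*}
    flow=${rest##*\} }                # "src -> dst" that follows "{PROTO} "
    src=${flow%% -> *}
    dst=${flow##* -> }
    # Addresses come from the wire: accept only IP[:port] characters.
    case $prio$src$dst in
        *[!0-9A-Fa-f.:]*|'') return 1 ;;
    esac
    printf 'time: %s\nalert: %s\npriority: %s\nsource: %s\ndestination: %s\n' \
        "$when" "$alert" "$prio" "$src" "$dst"
}

# mail_alert RCPT: read one matched log line on stdin and mail it formatted.
# Hypothetical wiring: the log watcher pipes each matching line to this function.
mail_alert() {
    IFS= read -r line || return 1
    body=$(format_alert "$line") || return 1
    printf '%s\n' "$body" | mail -s "Snort alert" "$1"
}

# Constructed sample line (not real traffic).
SAMPLE='Sep 25 12:17:09 ids1 snort: [1:1002:5] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.15:3345 -> 10.20.100.41:80'
format_alert "$SAMPLE"
```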