Snort mailing list archives

RE: Can we send email using Outlook as the smtp server with ACID?


From: "Michael Steele" <michaels () winsnort com>
Date: Mon, 6 Oct 2003 15:14:51 -0700

Demetri,

Why in the heck did you even respond if you know nothing about Microsoft!

To answer his question; Using Outlook, there is no way. Why can't you use
your SMTP server from your ISP and receive alerts in real time?

Here is what you need to do to send Email alerts in real time from a Windows
box, you can also browse on over to Winsnort.com and retrieve some install
docs. You will need to modify paths, and download event watch, not the
newest one. You can grab the file off my site by using the link in one of
the guides.

Install:

Snort sets a priority on triggered alerts. These priority alerts range from
1-3. One being the highest priority to 3 being the lowest priority alert.
This section of the documentation will walk you through setting up the IDS
for sending alerts based on the highest priority alert.

Note: You MUST have a valid outgoing SMTP server that can be accessed from
the IDS.

● Load the file 'D:\Applications\snort\etc\snort.conf' into WordPad search
routine for and change:

Original: # output alert_syslog: LOG_AUTH LOG_ALERT
Change: output alert_syslog: LOG_AUTH LOG_ALERT

Now save the file and exit…

● Uncompress the downloaded 'eventwatchnt' file into
'D:\Applications\eventwatchnt'.

● Navigate into the 'D:\Applications\eventwatchnt' folder and double click
on ‘eventwatchnt.exe’

Note: A shortcut could be placed on the desktop for easy access to the
management console.

Note: The EventwatchNT Configuration applet will appear with some dialog
boxes filled in.

● In the ‘Sender Name:’ dialog box type the name of the IDS

● In the ‘Sender Email Address:’ dialog box type
eventwatch () yourdomain com

● In the ‘Recipients:’ dialog box type the email address where the alerts
will be sent

● In the ‘SMPT Server:’ dialog box type the name or IP of the SMTP server

● In the ‘Email Subject:’ type Snort Priority 1 Alert!

● In the ‘Filter(s):’ dialog box type (including the [ ] and must be
typed exact) [Priority: 1]

● In the ‘Type:’ select box choose ‘Include’

Note: At this point you should be able to click the ‘Test’ button and send
a test message to the ‘Sender Email Address’ that was selected above.

● In the ‘Event logs to monitor’ select box, only ‘Application’ needs
to be ticked

● In the ‘Events to report’ select box, only ‘INFORMATION’ needs to be
ticked

● In the ‘Options’ select box. Only ‘HTML Email’ needs to be ticked

● In the ‘Installation’ select box, click the ‘Install’ button

● In the ‘Service Control’ Select box, click on the ‘Start’ button

● Click the ‘OK’ button at the top right

● Navigate to ‘Administrative Tools’, select Event Viewer, right click
‘Application’, select ‘Properties’, tick ‘Overwrite events as needed’,
click the ‘Apply’ button, click the ‘OK’ button, and exit

Note: To test the email alerting, run a scanner on the network. If there
were no email alerts sent out check the Event log under the Application log
and see if any [Priority: 1] alerts were detected and logged. If there were
alerts then make sure that the SMTP settings are set correctly and there is a
clear path to the SMTP server. Use the ‘Test’ button in the Event Watch NT
applet to make sure that the email is functioning properly.

Cheers...

-Michael Steele
--
 System Engineer / Security Support Technician
 mailto:michaels () winsnort com
 Website: http://www.winsnort.com
 Snort: Open Source Network IDS - http://www.snort.org


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Demetri
Mouratis
Sent: Monday, October 06, 2003 11:30 AM
To: Chhabria, Kavita - Apogent
Cc: 'snort-users () lists sourceforge net'
Subject: Re: [Snort-users] Can we send email using Outlook as the smtp
server with ACID?

On Mon, 6 Oct 2003, Chhabria, Kavita - Apogent wrote:

Hello all:

Does anyone know as to how to send emails using Outlook as the SMTP server
from ACID.

Well, you haven't specified your local MTA on the ACID box.  Assuming you
still have qmail there, you need to instruct qmail to relay to the
ip/hostname of the M$ box you want to deliver the mail.
http://cr.yp.to/qmail/faq/outgoing.html#notlocal

I think you mean Exchange rather than Outlook but what the hell do I know
about M$ anyway.

HTH.
---------------------------------------------------------------------
Demetri Mouratis
dmourati () linfactory com



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
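
The filtering step from the install procedure in the message above, as an added example that is not part of the original post and is not EventwatchNT's own code: it applies the exact-text filter [Priority: 1] to Application-log events and builds, without sending, the notification mail. It assumes the 'Include' filter is a plain substring match; the sample events, rule names and addresses are constructed.

```python
import re
from email.message import EmailMessage

# Constructed sample events in the shape Snort's alert_syslog output produces.
# Rule names are invented; addresses are from documentation ranges.
EVENTS = [
    "[1:1000001:1] Constructed rule A [Classification: Attempted Administrator "
    "Privilege Gain] [Priority: 1]: {TCP} 192.0.2.10:4444 -> 198.51.100.5:80",
    "[1:1000002:1] Constructed rule B [Classification: Attempted Information "
    "Leak] [Priority: 2]: {ICMP} 192.0.2.11 -> 198.51.100.5",
    "[1:1000003:2] Constructed rule C [Priority: 1]: {UDP} 192.0.2.12:53 -> 198.51.100.5:53",
    "Service started",  # unrelated Application-log entry
]

ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>.*?)\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"(?:\{(?P<proto>\w+)\} )?(?P<src>\S+) -> (?P<dst>\S+)"
)

def include_filter(events, needle="[Priority: 1]"):
    """Assumed 'Include' behaviour: keep events containing the exact text."""
    return [e for e in events if needle in e]

def parse_alert(line):
    """Split one alert line into fields; None if it is not a Snort alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["prio"] = int(d["prio"])
    return d

def build_mail(events, sender, recipient):
    """Build (not send) the notification for the filtered events."""
    alerts = [a for a in map(parse_alert, include_filter(events)) if a]
    if not alerts:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "Snort Priority 1 Alert!"
    msg.set_content("\n".join(
        f"sid {a['sid']} {a['msg']} ({a['cls'] or 'unclassified'}) "
        f"{a['proto']} {a['src']} -> {a['dst']}" for a in alerts))
    return msg
```

A filter typed without the space, such as [Priority:1], matches none of these events, which is why the brackets and spacing have to be entered exactly.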




