Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Swatch configuration problem

From: ids () san rr com
Date: Wed, 24 Mar 2004 11:37:29 -0800
Thank you for yor reply... I've been pulling my hair out.

I'm not very fimiliar with sendmail on my Redhat 9.0 box. I know it works and I can send mail using the mail command. 
Are there any specific settings I need to set for sendmail so Swatch will email me alerts?

Thanks!

Alan

----- Original Message -----
From: Jan Hormann <hormann () gutenberg-rz de>
Date: Wednesday, March 24, 2004 5:28 am
Subject: Re: [Snort-users] Swatch configuration problem


Hi Alan,

is it possible, that you need a valid mailadress as sender in your 
email for 
your mailserver? If you use a Linux or Unix or something like that 
you can 
probe if you need the adress of a sender with the "mail" command.

Do you start swatch after rebooting your computer (automaticalie)? 
If no, this 
may be the problem why you don't get any messages after rebooting. 
Or do you 
start swatch when you boot your computer but start swatch befor 
you start 
snort (or what you want swatch to look for)? 
Because it's necessary that you start swtch after the programm 
snort should 
watch for.

Jan

Am Mittwoch, 24. März 2004 08:34 schrieb Alan:

Hi-


I'm having problems with getting swatch to email me alerts. I have
installed it successfully and have the following configuration 

setup in my

.swatchrc file:

watchfor /Priority\:2/
echo=green_h
mail addresses=ids\@san.rr.com,subject=----Snort Alert! ----
throttle 00:00:10

Pretty simple setup. Another strange thing is I used to get an 

echo on my

console everytime I would get an alert but after rebooting my 

computer I

get nothing, no echo and no email alerts. I can't figure it out. 

Am I

missing something obvious? Thanks in advance!


Alan







-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id70&alloc_id638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: