Snort mailing list archives
syslog-ng email alerts
From: agnelo d <agnelofld () yahoo co uk>
Date: Wed, 31 Mar 2004 06:54:12 +0100 (BST)
Hi,

I've configured syslog-ng for receiving snort alerts from a remote sensor. I'm getting the alerts in snort.log, but am unable to receive email alerts. I've tested the script alert_mail.sh externally and it works (I'm able to get mails). Can someone help in solving this problem?

Regards,
Agnelo

syslog-ng.conf
==================
source sensors {
    internal();
    tcp(ip(10.0.41.175) port(514) max-connections(7));
    unix-stream("/dev/log");
};
destination localhost { file("/var/log/snort.log"); };
destination email_alert_script { program ("/usr/local/bin/alert_mail.sh"); };
log { source(sensors); destination(localhost); };
log { source(sensors); destination(email_alert_script); };
==========================

alert_mail.sh
====================
#!/bin/sh
while read line; do
echo $line |mail -s "Snort Alert" idsalert () xxxx com
done
====================================
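A more defensive form of the alert_mail.sh read loop, as an added example that is not part of the original post and is not a diagnosis of the problem it describes. It reads lines raw, quotes them, and strips control characters before mailing; `ALERT_RCPT`, `MAILER` and the `--run` argument are assumptions of this example, and the recipient is a placeholder.

```shell
#!/bin/sh
# Added example, not the poster's script. ALERT_RCPT, MAILER and --run are
# names made up for this example; the recipient is a placeholder.
ALERT_RCPT="${ALERT_RCPT:-idsalert@example.invalid}"
MAILER="${MAILER:-mail}"

# Drop control characters (tab is kept) so bytes arriving over the network
# syslog source cannot carry terminal escapes into the mail body.
sanitize_line() {
    printf '%s\n' "$1" | LC_ALL=C tr -d '\000-\010\013-\037\177'
}

# Mail one alert line; the line travels as data on stdin, never as an
# argument, and is always quoted so the shell does not split or glob it.
send_alert() {
    sanitize_line "$1" | "$MAILER" -s "Snort Alert" "$ALERT_RCPT" >/dev/null
}

# Read syslog-ng's output line by line (-r keeps backslashes intact),
# skip empty lines, and print how many lines were mailed.
process_stream() {
    count=0
    while IFS= read -r line; do
        [ -n "$line" ] || continue
        send_alert "$line" || return 1
        count=$((count + 1))
    done
    echo "$count"
}

# Run the loop only when asked to, e.g. from syslog-ng.conf:
#   program("/usr/local/bin/alert_mail.sh --run")
if [ "${1:-}" = "--run" ]; then
    process_stream >/dev/null
fi
```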