Snort mailing list archives

Re: Need help with snort output to bash script.


From: Matt Kettler <mkettler () evi-inc com>
Date: Wed, 05 May 2004 15:35:12 -0400

At 01:11 PM 5/4/2004, Thomas Lauret wrote:
OK, perhaps someone here can help me.
I want to get snort to run a bash script with the
originating IP address of an event as a variable.
I want that as an output instead of it being logged,
just run a script, with the attacking IP address as a
variable.
How do I do it?

You don't.

The overhead of executing a bash script would crush snort's performance, leading to the loss of large numbers of packets, resulting in possible missed attacks and rendering your snort system largely useless, as attackers could evade it with great ease.

Fundamentally, what is it that you're trying to accomplish? Perhaps there's a different way.

Normally you'd want to log the packets, and have a logwatcher call your bash script when events of interest happen.
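
The log-watcher approach suggested in the reply above, as an added example (not part of the original message and not Snort's own code). It assumes Snort writes alert_fast lines to a file; the handler script argument, the `STATE_FILE` path and the 300-second cooldown are hypothetical.

```shell
#!/bin/sh
# Added example: helpers for a log watcher over Snort alert_fast lines.

# Constructed sample lines in alert_fast layout (not from a real sensor).
SAMPLE_TCP='05/05-15:35:12.000001  [**] [1:1000001:1] Constructed rule [**] [Priority: 2] {TCP} 192.0.2.45:40312 -> 198.51.100.7:22'
SAMPLE_ICMP='05/05-15:35:13.000002  [**] [1:1000002:1] Constructed rule [**] [Priority: 3] {ICMP} 203.0.113.9 -> 198.51.100.7'

# Accept only a dotted quad with octets 0-255, so nothing else from the
# log (rule messages are free text) ever reaches the handler's argv.
valid_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ ${#octet} -le 3 ] && [ "$octet" -le 255 ] || return 1
    done
}

# Print the source address of one alert line; fail if there is none.
src_ip_from_alert() {
    ip=$(printf '%s\n' "$1" |
        sed -n 's/^.*} \([0-9.]*\)\(:[0-9]*\)\{0,1\} -> .*$/\1/p')
    valid_ipv4 "$ip" && printf '%s\n' "$ip"
}

# Succeed, and record the time, only if this address has not fired within
# the cooldown; a noisy source then costs one handler run, not one per packet.
should_fire() {  # args: ip now_epoch state_file cooldown_seconds
    : >> "$3"    # create the state file if missing, without truncating it
    last=$(awk -v ip="$1" '$1 == ip { t = $2 } END { print t }' "$3")
    [ $(( $2 - ${last:-0} )) -ge "$4" ] || return 1
    printf '%s %s\n' "$1" "$2" >> "$3"
}

# Follow the alert file and run the handler out-of-band from Snort.
watch_alerts() {  # args: alert_file handler_script (both hypothetical)
    tail -n 0 -F "$1" | while IFS= read -r line; do
        ip=$(src_ip_from_alert "$line") || continue
        should_fire "$ip" "$(date +%s)" "${STATE_FILE:-/var/run/snort-watch.state}" 300 || continue
        "$2" "$ip" &
    done
}

if [ "${1:-}" = "--watch" ]; then watch_alerts "$2" "$3"; fi
```

Because the watcher is a separate process reading the alert file, a slow or failing handler delays only the watcher and never Snort's packet processing.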


