Snort mailing list archives
Re: Alternate Alerting for Snort - phone
From: Rich Adamson <radamson () routers com>
Date: Thu, 23 Dec 2004 17:12:35 -0600
Before I get started, I've looked through the archives and looked 'round online and have yet to have any good luck (other than a bad link). Management has asked me to look into real-time alerting from the Snort sensor we employ, round the clock, to my phone. The only nearly helpful reference I saw had a link to the old FAQ on SourceForge's snort site, and I didn't find what I was looking for elsewhere. I realize that the potential for a storm of false-positives is very real, but, we essentially shut down at 6:30 every day, and coupled with good tuning, should greatly reduce the occurrence of that after hours. This will be running WinSnort on XP SP2, BTW. (Consolidating from several sensors to a better located central sensor.) The factory I used to work at had a solution in place with Watchdog and an obsolete piece of code for heartbeats to go to their cells. But if I recall, they spent a bit on the license for that old piece of code.
One of the easiest ways to do that is to run Kiwi Syslog on that PC, send your snort alerts to that syslog, and write a couple of rules in Kiwi to send the selected rules to your cell phone via text msgs. Been doing it for several years, works fine for low volume alerts. I happen to be using our own product (NetLogger) for syslogging (instead of Kiwi), but you should be able to accomplish the same with Kiwi.
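The filtering step described in the reply above, as an added example that is not from the original thread and is not Kiwi Syslog or NetLogger configuration: it parses Snort syslog alert lines, keeps only priority-1 alerts, and suppresses repeats of the same rule so the phone sees low volume. The priority threshold, 30-minute quiet period, 160-character limit and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Snort syslog alert: "[gid:sid:rev] msg [Classification: c] [Priority: n]: {PROTO} src -> dst"
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ snort(?:\[\d+\])?: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)")

def parse_alert(line, year):
    """Parse one syslog line (which carries no year); return a dict, or None if not a Snort alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["time"] = datetime.strptime(f"{year} {alert['ts']}", "%Y %b %d %H:%M:%S")
    alert["prio"] = int(alert["prio"])
    return alert

def select_pages(lines, year, max_priority=1, quiet=timedelta(minutes=30), limit=160):
    """Return one short text per qualifying alert, at most one per rule per quiet period."""
    last_sent, pages = {}, []
    for line in lines:
        alert = parse_alert(line, year)
        if alert is None or alert["prio"] > max_priority:
            continue  # not Snort, or not urgent enough to page (1 is the highest priority)
        key = (alert["gid"], alert["sid"])
        prev = last_sent.get(key)
        if prev is not None and alert["time"] - prev < quiet:
            continue  # same rule paged recently: suppress the repeat
        last_sent[key] = alert["time"]
        text = (f"{alert['time']:%H:%M} P{alert['prio']} [{alert['gid']}:{alert['sid']}] "
                f"{alert['msg']} {alert['src']}->{alert['dst']}")
        pages.append(text[:limit])  # assumed single-text-message length limit
    return pages

# Constructed sample lines (local-rule SIDs, documentation addresses), not real sensor output.
SAMPLE = [
    "Dec 23 19:02:11 sensor snort: [1:1000001:1] LOCAL admin login after hours "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.10:3211 -> 10.0.0.5:3389",
    "Dec 23 19:02:40 sensor snort: [1:1000001:1] LOCAL admin login after hours "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.10:3212 -> 10.0.0.5:3389",
    "Dec 23 19:05:00 sensor snort: [1:1000002:1] LOCAL odd outbound port "
    "[Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 10.0.0.7:1044 -> 198.51.100.4:6667",
    "Dec 23 19:40:02 sensor snort: [1:1000001:1] LOCAL admin login after hours "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.10:3300 -> 10.0.0.5:3389",
    "Dec 23 19:41:00 sensor sshd[211]: session opened for user backup",
]
```

Each returned string is what would be handed to whatever delivers the text message; the delivery step itself is left out because the thread does not specify one.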
Current thread:
- Alternate Alerting for Snort - phone Michael Bowman (Dec 23)
- Re: Alternate Alerting for Snort - phone Rich Adamson (Dec 23)
- RE: Alternate Alerting for Snort - phone Eric Hines (Dec 23)