Snort mailing list archives
Re: problem with Swatch
From: "Senthil Prabu.S" <prabu333 () hotpop com>
Date: Thu, 10 Mar 2005 09:30:59 +0530
#swatch -c /etc/swatchrc -t /var/log/snort/alert
#
###Snort Alerts
# Watch for entries containing the word 'Priority' in the snort alert file.
# Display it in green on the screen
# Mail alert to alerts () yourdomiain com with subject of the email
# being "--Snort IDS Alert--"
#
# log in file /var/log/IDS-scan
watchfor /Priority/
/hotmail
echo green
mail addresses=coldness85\@hotmail.com ,subject=--Snort Alerts--
exec echo $0 >> /var/log/IDS-scans

Looking at your swatchrc file, it seems the line "/hotmail" is the problem. Here you are looking for the keyword "Priority" in the alert file, right? Then why have you given /hotmail? Is there any valid reason for it? Try again after removing that line.

Also, I have sent the swatch_snort setup manual along with this mail. Hope it is useful.

--Senthil Prabu.S
Attachment:
swatch_configuration.pdf
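
A small pre-flight check for the kind of stray line discussed in the reply above, as an added example that is not part of the original message or of swatch itself: it flags swatchrc lines that are neither comments, watchfor/ignore patterns, nor one of the actions listed in the swatch man page. The function name lint_swatchrc, the action list as written here, and the sample config (constructed, with a placeholder mail address) are assumptions of this example; perlcode lines are not handled.

```python
import re

# Pattern keywords and actions as documented in the swatch man page.
PATTERN_KEYWORDS = {"watchfor", "ignore"}
ACTIONS = {"echo", "bell", "exec", "mail", "pipe", "write",
           "throttle", "threshold", "continue", "quit"}

# Constructed sample mirroring the config in the thread (placeholder address).
SAMPLE = r"""
# log in file /var/log/IDS-scan
watchfor /Priority/
/hotmail
echo green
mail addresses=admin\@example.com,subject=--Snort Alerts--
exec echo $0 >> /var/log/IDS-scans
"""

def lint_swatchrc(text):
    """Return a list of (line_number, message) findings for swatchrc text."""
    findings = []
    in_rule = False  # becomes True once a watchfor/ignore line has been seen
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are always fine
        # First token, split on whitespace or '=' (e.g. "throttle=...")
        word = re.split(r"[\s=]", line, maxsplit=1)[0]
        if word in PATTERN_KEYWORDS:
            in_rule = True
            if not re.search(r"/.+/", line):
                findings.append((num, "pattern keyword without a /regex/"))
        elif word in ACTIONS:
            if not in_rule:
                findings.append(
                    (num, f"action '{word}' before any watchfor/ignore"))
        else:
            findings.append((num, f"unrecognised line: {line!r}"))
    return findings

if __name__ == "__main__":
    for num, message in lint_swatchrc(SAMPLE):
        print(f"line {num}: {message}")
```
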