Snort mailing list archives
Re: [SPAM] - system commands - Email found in subject
From: gareth <snort () lordcow org>
Date: Fri, 1 Apr 2005 11:43:42 +0200
yea, that's what i've been doing, but it's a network signal i send out about once a fortnight, so i got cron to check up on iptables logs every hour, whereas i needed a response fairly quickly (but felt using cron more regularly was a bad policy for a scarce signal). then someone told me snort should be able to do that instead. & if that worked i was hoping to expand it to immediatly blocking access to portscanners etc. like in portsentry On Thu 2005-03-31 (11:55), Marc Hering wrote:
Yo, you could run an cron job with a shell script that parses the log once every minute and looks for a pattern then executes a shell command if it finds it........ Just an idea tho -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of gareth Sent: Thursday, March 31, 2005 8:06 AM To: snort-users () lists sourceforge net Subject: [SPAM] - [Snort-users] system commands - Email found in subject yo, is there any way to run a system command when a certain rule is triggered? thanx gareth ------------------------------------------------------- This SF.net email is sponsored by Demarc: A global provider of Threat Management Solutions. Download our HomeAdmin security software for free today! http://www.demarc.com/info/Sentarus/hamr30 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by Demarc: A global provider of Threat Management Solutions. Download our HomeAdmin security software for free today! http://www.demarc.com/info/Sentarus/hamr30 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.net email is sponsored by Demarc: A global provider of Threat Management Solutions. Download our HomeAdmin security software for free today! http://www.demarc.com/info/Sentarus/hamr30 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Re: [SPAM] - system commands - Email found in subject gareth (Apr 01)