Re: [SPAM] - system commands - Email found in subject

[gareth <snort () lordcow org>]

yea, that's what i've been doing, but it's a network signal i send
out about once a fortnight, so i got cron to check up on iptables
logs every hour, whereas i needed a response fairly quickly (but
felt using cron more regularly was a bad policy for a scarce signal).
then someone told me snort should be able to do that instead. & if
that worked i was hoping to expand it to immediatly blocking access
to portscanners etc. like in portsentry

On Thu 2005-03-31 (11:55), Marc Hering wrote:
> Yo, you could run an cron job with a shell script that parses the log
> once every minute and looks for a pattern then executes a shell command
> if it finds it........  Just an idea tho
>  
>
> -----Original Message-----
> From: snort-users-admin () lists sourceforge net
> [mailto:snort-users-admin () lists sourceforge net] On Behalf Of gareth
> Sent: Thursday, March 31, 2005 8:06 AM
> To: snort-users () lists sourceforge net
> Subject: [SPAM] - [Snort-users] system commands - Email found in subject
>
> yo, is there any way to run a system command when a certain rule is
> triggered?
>
> thanx
> gareth
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by Demarc:
> A global provider of Threat Management Solutions.
> Download our HomeAdmin security software for free today!
> http://www.demarc.com/info/Sentarus/hamr30
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
>
> -------------------------------------------------------
> This SF.net email is sponsored by Demarc:
> A global provider of Threat Management Solutions.
> Download our HomeAdmin security software for free today!
> http://www.demarc.com/info/Sentarus/hamr30
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


-------------------------------------------------------
This SF.net email is sponsored by Demarc:
A global provider of Threat Management Solutions.
Download our HomeAdmin security software for free today!
http://www.demarc.com/info/Sentarus/hamr30
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users