Snort mailing list archives
Re: monitoring email alert
From: Daniel Cid <danielcid () yahoo com br>
Date: Sun, 2 Jul 2006 18:51:29 -0300 (ART)
Hi Joel and Oliver,

Another tool that can generate e-mails based on the snort alerts is ossec. I sent an e-mail some time ago to the list about this subject, so I will just paste it below:

"
In addition to using swatch, you can try ossec to generate e-mails/active responses based on your snort logs. It is much more powerful than swatch (or guardian) because it allows you to alert based on:

- Single IDS events.
- Multiple IDS events for same source ip in a specific timeframe.
- Multiple IDS events for same snort ID in a specific time.
- Only for the first time a Snort ID is seen.
- Only for the first time a Snort ID/IP combo is seen.
- Only on specific categories.
- Only on specific priorities (or any other option you want).
- You can ignore specific IPs/Snort IDS.
- You can specify maximum number of alerts per hour, and if this number is reached, it will send all the alerts in just one e-mail.
- You can ignore automatically rules that alert too often.

Oh, ossec also analyzes a lot of other log formats, being easy to integrate with other applications.

*Don't take my word for it, because I'm an ossec developer, but you should give it a try. Installation is pretty easy too.

Last version: http://www.ossec.net/files/ossec-hids-0.8-3.tar.gz
Website: http://www.ossec.net
"

Thanks and sorry for the duplicated e-mail.

--
Daniel B. Cid
dcid @ ( at ) ossec.net

--- Joel Esler <joel.esler () sourcefire com> wrote:
Snort does not send emails by itself, you need to look into a 3rd party plugin such as Swatch, BASE, or something similar.

On Thu, Jun 29, 2006 at 08:21:53PM +0800, Oliver A. Rojo wrote:

Is it possible for snort to have its monitoring alert via email wherein say, it will send sysadmins its reports each day?

--
Oliver A. Rojo
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
+---------------------------------------------------------------------+
Joel Esler Senior Security Consultant 1-706-627-2101 Sourcefire Security for the /Real/ World -- http://www.sourcefire.com Snort - Open Source Network IPS/IDS -- http://www.snort.org GPG Key http://demo.sourcefire.com/jesler.pgp.key
+---------------------------------------------------------------------+
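Three of the alert criteria listed in the message above (first time a Snort ID is seen, multiple events from the same source IP in a timeframe, ignored IPs), as an added Python example; it is not OSSEC code or configuration and not part of the original thread. The alert lines are constructed in Snort's fast-alert layout, and the function names, threshold and window are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Snort "fast" alert layout: timestamp, [gid:sid:rev], message, priority, src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+.*?\s+\[\*\*\].*?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{\w+\}\s+(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->\s+\d+\.\d+\.\d+\.\d+"
)

def parse(line, year=2006):
    """Return the fields of one fast-alert line, or None if it does not match."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
    return {"ts": ts, "sid": int(m["sid"]), "prio": int(m["prio"]), "src": m["src"]}

def correlate(lines, threshold=3, window=timedelta(seconds=60), ignore_ips=()):
    """Return (reason, sid, src) notifications for a stream of alert lines."""
    seen_sids = set()             # Snort IDs already reported once
    recent = defaultdict(deque)   # src IP -> timestamps inside the window
    notes = []
    for line in lines:
        ev = parse(line)
        if ev is None or ev["src"] in ignore_ips:
            continue              # unparsable line or ignored source
        if ev["sid"] not in seen_sids:
            seen_sids.add(ev["sid"])
            notes.append(("first_time_sid", ev["sid"], ev["src"]))
        q = recent[ev["src"]]
        q.append(ev["ts"])
        while ev["ts"] - q[0] > window:
            q.popleft()           # drop events older than the window
        if len(q) >= threshold:
            notes.append(("multiple_events_same_src", ev["sid"], ev["src"]))
            q.clear()             # one notification per burst
    return notes

def _line(clock, sid, src):
    # Constructed sample alert; addresses are documentation ranges, SIDs are made up.
    return (f"07/02-{clock}.000000  [**] [1:{sid}:1] Constructed test alert [**] "
            f"[Classification: Misc activity] [Priority: 3] {{TCP}} {src}:40000 -> 198.51.100.5:80")

SAMPLE = [_line("18:50:01", 1000001, "192.0.2.10"), _line("18:50:10", 1000001, "192.0.2.10"),
          _line("18:50:20", 1000002, "192.0.2.10"), _line("18:50:30", 1000003, "203.0.113.7"),
          _line("18:55:00", 1000001, "192.0.2.10")]

if __name__ == "__main__":
    for note in correlate(SAMPLE, ignore_ips={"203.0.113.7"}):
        print(note)
```

Clearing the per-source queue after a burst notification is what keeps a noisy source from producing one e-mail per alert.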