Snort mailing list archives
Re: Email
From: "Horton, Nicholas A - Merrifield, VA - Contractor" <nicholas.a.horton () usps gov>
Date: Wed, 29 Aug 2012 15:57:08 -0500
Makes sense, and honestly, now that I think about it, I probably won't want the remote snortbox to send an email, plus the log file is in unified2 format. I have several snortboxes talking to a central location and I have Snorby up and running on a central server, so I probably just need Snorby to somehow send me an alert based on an event entered into the database. Right now Snorby sends past reports, but I'm also looking for a feature where the notifications can be more immediate. I started to think about the snortbox doing this immediate notification in email, but it is already notifying by entering into the central MySQL db. I just need this central db box running Snorby to kick off an email given a specific gid or sid. If Snorby isn't it for immediate or specific gid notifications, I just need to find the add-on that can do it.

Thanks again Joel,
Nick

________________________________________
From: Joel Esler [jesler () sourcefire com]
Sent: Wednesday, August 29, 2012 4:06 PM
To: Nicholas Horton
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Email

On Aug 29, 2012, at 3:45 PM, Nicholas Horton <fivetenets () me com> wrote:

Is snort 2.9.2.3 capable of sending emails based off of alerts or is that something that should be handled by an add-on like swatch? If snort is capable where is the config for sending emails?

It's definitely an add-on. Snort does not contain this native capability. Snort is an IDS, not an email generation program. :)
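The approach described in the message above (watch the central alert database and mail when a specific gid or sid shows up), as an added example that is not part of the original thread and is not Snort or Snorby code. Assumptions: the table and column names follow the classic Snort database output schema (`event`, `signature`) reduced to the columns needed, sqlite3 stands in for the central MySQL server, and the watchlist, rule names and addresses are constructed.

```python
import sqlite3
from email.message import EmailMessage

# (gid, sid) pairs that warrant an immediate mail; constructed for this example.
WATCHLIST = {(1, 2000001), (119, 19)}

def build_sample_db():
    """In-memory stand-in for the central alert DB (sqlite3 instead of MySQL)."""
    db = sqlite3.connect(":memory:")
    # event.sid is the sensor id and event.cid the per-sensor event counter;
    # the rule's own generator/signature ids live in signature.sig_gid/sig_sid.
    db.executescript("""
        CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT,
                                sig_gid INTEGER, sig_sid INTEGER);
        CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER,
                            timestamp TEXT, PRIMARY KEY (sid, cid));
        INSERT INTO signature VALUES (1, 'constructed rule A', 1, 2000001),
                                     (2, 'constructed rule B', 1, 2000002);
        INSERT INTO event VALUES (1, 1, 2, '2012-08-29 15:40:00'),
            (1, 2, 1, '2012-08-29 15:41:00'), (2, 1, 1, '2012-08-29 15:42:00');
    """)
    return db

def new_watchlist_events(db, last_cid):
    """Return watch-listed events newer than last_cid[sensor]; updates last_cid."""
    rows = db.execute("""
        SELECT e.sid, e.cid, e.timestamp, s.sig_gid, s.sig_sid, s.sig_name
        FROM event e JOIN signature s ON s.sig_id = e.signature
        ORDER BY e.sid, e.cid""").fetchall()
    hits = []
    for sensor, cid, ts, gid, sid, name in rows:
        if cid <= last_cid.get(sensor, 0):
            continue                      # already handled on an earlier poll
        last_cid[sensor] = cid
        if (gid, sid) in WATCHLIST:
            hits.append((sensor, cid, ts, gid, sid, name))
    return hits

def build_mail(hit, sender="ids@example.org", rcpt="soc@example.org"):
    """Format one hit; pass the result to smtplib.SMTP.send_message to send it."""
    sensor, cid, ts, gid, sid, name = hit
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"[IDS] {gid}:{sid} {name} (sensor {sensor})"
    msg.set_content(f"time={ts} sensor={sensor} event={cid} gid={gid} sid={sid}\n")
    return msg

if __name__ == "__main__":
    for hit in new_watchlist_events(build_sample_db(), {}):
        print(build_mail(hit))
```

Keeping the per-sensor high-water mark in `last_cid` between polls is what stops the same event from being mailed twice; in a real deployment that state would be persisted.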