IDS mailing list archives

RE: Snort & email


From: Omar Herrera <oherrera () prodigy net mx>
Date: Sat, 07 May 2005 09:08:32 -0500

Hi Dan,

You can make snort log to both syslog and a MySQL database. Syslog alerts
can be emailed and they will be wiped out eventually, when logs are rotated,
so no overhead there.

I'm not sure how much this affects performance, but have tested it this way
and have not noticed a significant degradation.

Regards,
Omar Herrera

-----Original Message-----
From: Dan S Baxter [mailto:Dan.Baxter () ipaper com]

I'm setting up a Snort sensor in our environment and I am unable to
determine how I might get emailed on alerts.  I understand some are using
Swatch, but we are not logging to syslogs but rather to a mysql db.  What
are others doing in this case?

If I can't get it to alert me, it doesn't do me as much good, as I do not
have the time to watch it 24/7.
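
One way to act on the syslog copy of the alerts described in the reply above, as an added example that is not from either poster: a Python filter that picks Snort alert lines out of syslog, keeps those at or above a priority cut-off, and collapses repeats into a single digest mail. The sample log lines, host names and mail addresses are constructed, and the line layout is assumed to be the one Snort's alert_syslog output produces.

```python
import re
from email.message import EmailMessage

# Constructed sample: syslog lines in the layout Snort's alert_syslog output writes.
SAMPLE_SYSLOG = """\
May  7 09:01:12 sensor1 snort[2143]: [1:1002:7] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.10:34567 -> 198.51.100.5:80
May  7 09:01:13 sensor1 snort[2143]: [1:1002:7] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.10:34568 -> 198.51.100.5:80
May  7 09:02:40 sensor1 snort[2143]: [1:469:3] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.77 -> 198.51.100.5
May  7 09:03:02 sensor1 sshd[811]: Accepted publickey for admin from 198.51.100.9 port 50122 ssh2
"""

ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: [^\]]*\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)

def parse_alerts(text):
    """Return one dict per Snort alert line; unrelated syslog lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alerts.append({**m.groupdict(), "prio": int(m["prio"])})
    return alerts

def build_digest(alerts, max_priority=1,
                 sender="snort@sensor1.example.org", rcpt="ids-admin@example.org"):
    """Group alerts at or above the urgency cut-off into one mail, or return None."""
    urgent = [a for a in alerts if a["prio"] <= max_priority]  # 1 = most severe
    if not urgent:
        return None
    groups = {}
    for a in urgent:
        # TCP/UDP endpoints carry ":port"; ICMP endpoints are bare addresses.
        host = a["src"].rsplit(":", 1)[0] if a["proto"] in ("TCP", "UDP") else a["src"]
        g = groups.setdefault((a["prio"], a["sid"], a["msg"]), {"n": 0, "hosts": set()})
        g["n"] += 1
        g["hosts"].add(host)
    mail = EmailMessage()
    mail["From"], mail["To"] = sender, rcpt
    mail["Subject"] = f"Snort: {len(urgent)} alert(s), {len(groups)} signature(s)"
    mail.set_content("\n".join(
        f"P{p} [{sid}] {msg}: {g['n']} alert(s) from {', '.join(sorted(g['hosts']))}"
        for (p, sid, msg), g in sorted(groups.items())))
    return mail  # hand to smtplib.SMTP(...).send_message(mail) to deliver

if __name__ == "__main__":
    print(build_digest(parse_alerts(SAMPLE_SYSLOG), max_priority=2))
```

Grouping by signature keeps a noisy rule from producing one mail per packet, which matters for a sensor nobody watches around the clock.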




