IDS mailing list archives
RE: Snort & email
From: Omar Herrera <oherrera () prodigy net mx>
Date: Sat, 07 May 2005 09:08:32 -0500
Hi Dan,

You can make snort log to both syslog and a MySQL database. Syslog alerts can be emailed and they will be wiped out eventually, when logs are rotated, so no overhead there. I'm not sure how much this affects performance, but have tested it this way and have not noticed a significant degradation.

Regards,
Omar Herrera

-----Original Message-----
From: Dan S Baxter [mailto:Dan.Baxter () ipaper com]

I'm setting up a Snort sensor in our environment and I am unable to determine how I might get emailed on alerts. I understand some are using Swatch, but we are not logging to syslogs but rather to a mysql db. What are others doing in this case? If I can't get it to alert me, it doesn't do me as much good, as I do not have the time to watch it 24/7.
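
Added example, not part of the original thread and not Snort's own code: one way to turn the syslog copy of the alerts into an email, by parsing Snort alert lines, keeping only the high-priority ones and grouping them per signature into a single digest message. The function names, mail addresses, SIDs and log lines are constructed for illustration, and the line layout assumed is the one Snort's syslog alert output writes.

```python
import re
from collections import defaultdict
from email.message import EmailMessage

# Constructed sample syslog lines (documentation addresses, made-up SIDs).
SAMPLE_LOG = """\
May  7 09:01:12 sensor1 snort[2211]: [1:1000001:1] Constructed rule A [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.10:4312 -> 198.51.100.5:80
May  7 09:01:40 sensor1 snort[2211]: [1:1000001:1] Constructed rule A [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.77:5120 -> 198.51.100.5:80
May  7 09:02:03 sensor1 snort[2211]: [1:1000002:2] Constructed rule B [Priority: 3]: {ICMP} 192.0.2.10 -> 198.51.100.9
May  7 09:02:05 sensor1 sshd[901]: Accepted publickey for admin from 198.51.100.20
"""

ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: [^\]]*\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)")

def parse_alerts(text):
    """Return one dict per Snort alert line; other syslog lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alerts.append({**m.groupdict(), "prio": int(m["prio"])})
    return alerts

def build_digest(alerts, max_priority=2, sender="snort@sensor.example",
                 rcpt="ids-admin@example.org"):
    """Group alerts by signature; return an EmailMessage, or None if nothing qualifies."""
    groups = defaultdict(list)
    for a in alerts:
        if a["prio"] <= max_priority:  # in Snort, priority 1 is the most severe
            groups[(a["prio"], a["gid"], a["sid"], a["msg"])].append(a)
    if not groups:
        return None
    body = []
    for (prio, gid, sid, msg), hits in sorted(groups.items()):
        sources = sorted({h["src"].split(":")[0] for h in hits})  # IPv4 only
        body.append(f"[{gid}:{sid}] prio={prio} count={len(hits)} {msg}")
        body.append("    sources: " + ", ".join(sources))
    total = sum(len(h) for h in groups.values())
    mail = EmailMessage()
    mail["From"], mail["To"] = sender, rcpt
    mail["Subject"] = f"Snort digest: {total} alerts, {len(groups)} signatures"
    mail.set_content("\n".join(body))
    return mail

if __name__ == "__main__":
    print(build_digest(parse_alerts(SAMPLE_LOG)))
```

The returned message can be handed to `smtplib.SMTP(...).send_message()` from a scheduled job; sending one digest per run keeps a noisy signature from flooding the mailbox.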