IDS mailing list archives

Re: Snort & email


From: Jose Maria Lopez Hernandez <jkerouac () bgsec com>
Date: Sun, 08 May 2005 12:09:59 +0200

On Wed, 04-05-2005 at 10:16 -0500, Dan S Baxter wrote:
> I'm setting up a Snort sensor in our environment and I am unable to
> determine how I might get emailed on alerts.  I understand some are using
> Swatch, but we are not logging to syslogs but rather to a mysql db.  What
> are others doing in this case?

You can log to syslog and mysql at the same time. Just use both
lines in the Snort config file.

I also think OpenAanval can send you alerts using the mysql database.

> If I can't get it to alert me, it doesn't do me as much good, as I do not
> have the time to watch it 24/7.
>
> Dan Baxter
> International Paper
> Information Risk Management
> 901-419-5193

Regards.

-- 

Jose Maria Lopez Hernandez
Technical Director of bgSEC
jkerouac () bgsec com
bgSEC Seguridad y Consultoria de Sistemas
http://www.bgsec.com
SPAIN

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
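
Added example, not part of the original thread and not code from Snort or Swatch: with both outputs enabled as the reply suggests, a small Swatch-style filter can read the syslog copy of the alerts and build a notification mail while the MySQL logging continues unchanged. The sample log lines, host names, addresses and priority threshold are constructed assumptions.

```python
import re
from email.message import EmailMessage

# snort.conf (Snort 2.x) with both outputs enabled, credentials are placeholders:
#   output alert_syslog: LOG_AUTH LOG_ALERT
#   output database: log, mysql, user=snort password=<placeholder> dbname=snort host=localhost

# alert_syslog line: [gid:sid:rev] msg [Classification: ..] [Priority: n]: {PROTO} src -> dst
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)

# Constructed sample of /var/log/auth.log content (documentation address ranges).
SAMPLE_LOG = """\
May  8 12:01:13 sensor1 snort[2114]: [1:1000001:1] Constructed high-priority rule [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.10:4312 -> 198.51.100.5:80
May  8 12:01:15 sensor1 snort[2114]: [1:1000002:1] Constructed low-priority rule [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.44 -> 198.51.100.5
May  8 12:01:20 sensor1 sshd[900]: Accepted publickey for admin from 192.0.2.7
"""

def parse_alerts(text, max_priority=2):
    """Return Snort alerts whose priority number is <= max_priority (1 is most severe)."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m and int(m["prio"]) <= max_priority:
            alerts.append(m.groupdict())
    return alerts

def build_mail(alerts, sender, rcpt):
    """Build one digest mail; log-derived text goes only into the body, never a header."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    top = min(int(a["prio"]) for a in alerts)
    msg["Subject"] = f"[snort] {len(alerts)} alert(s), top priority {top}"
    msg.set_content("\n".join(
        f"P{a['prio']} sid={a['sid']} {a['proto']} {a['src']} -> {a['dst']}  {a['msg']}"
        for a in alerts))
    return msg

if __name__ == "__main__":
    hits = parse_alerts(SAMPLE_LOG)
    if hits:
        mail = build_mail(hits, "snort@sensor1.example", "soc@example.org")
        print(mail)  # to deliver: smtplib.SMTP("localhost").send_message(mail)
```

Run it from cron or a log tail loop against the file your syslog daemon writes the auth facility to, and batch alerts per interval so a noisy rule does not flood the mailbox.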



