IDS mailing list archives

Re: Snort & email


From: ctooker () ti parmapatas net
Date: Mon, 16 May 2005 17:47:45 +0200

Dan,

Have you considered running Swatch on the MySQL server?

It could find the Snort alerts embedded in the SQL INSERT queries. They are logged by default in the /var/log/mysql/ dir.

Cheers,

Chris
ctooker () ti parmapatas net

I'm setting up a Snort sensor in our environment and I am unable to
determine how I might get emailed on alerts.  I understand some are using
Swatch, but we are not logging to syslogs but rather to a mysql db.  What
are others doing in this case?

If I can't get it to alert me, it doesn't do me as much good, as I do not
have the time to watch it 24/7.

Dan Baxter
International Paper
Information Risk Management
901-419-5193
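
An added example, not part of the original posts: a sketch of the log-watching approach suggested in the reply, pulling Snort event INSERTs out of MySQL query log lines and summarising them into one mail message. The log lines are constructed; the INSERT shape (table `event`, columns `sid`, `cid`, `signature`, `timestamp`), an enabled and readable query log, and the mail addresses are assumptions to check against your own setup.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample lines in the style of a MySQL general query log. The
# INSERT shape (table "event", columns sid/cid/signature/timestamp) is an
# assumption about Snort's database output; check it against your own log.
SAMPLE_LOG = [
    "050516 17:40:01      12 Query       INSERT INTO event (sid,cid,signature,timestamp) VALUES ('1','101','7','2005-05-16 17:40:01')",
    "                     12 Query       SELECT sig_id FROM signature WHERE sig_name = 'constructed example'",
    "050516 17:40:03      12 Query       INSERT INTO event (sid,cid,signature,timestamp) VALUES ('1','102','7','2005-05-16 17:40:03')",
    "                     12 Query       INSERT INTO iphdr (sid,cid,ip_src,ip_dst) VALUES ('1','102','3232235777','3232235778')",
    "050516 17:41:10      12 Query       INSERT INTO event (sid,cid,signature,timestamp) VALUES ('1','103','12','2005-05-16 17:41:10')",
]

EVENT_INSERT = re.compile(
    r"INSERT\s+INTO\s+`?event`?\s*\(([^)]*)\)\s*VALUES\s*\(([^)]*)\)", re.IGNORECASE)

def parse_events(lines):
    """Return one dict per event INSERT found in the query log lines."""
    events = []
    for line in lines:
        m = EVENT_INSERT.search(line)
        if not m:
            continue  # SELECTs and INSERTs into other tables are not new alerts
        cols = [c.strip(" `") for c in m.group(1).split(",")]
        vals = [v.strip(" '\"") for v in m.group(2).split(",")]
        if len(cols) == len(vals):  # skip truncated or malformed statements
            events.append(dict(zip(cols, vals)))
    return events

def build_alert_mail(events, sender, recipient):
    """Summarise events per signature id into one message; None if no events."""
    if not events:
        return None
    counts = Counter(e.get("signature", "?") for e in events)
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Snort: {len(events)} new event(s)"
    body = [f"signature id {sig}: {n} event(s)" for sig, n in sorted(counts.items())]
    body.append(f"first: {events[0].get('timestamp')}  last: {events[-1].get('timestamp')}")
    msg.set_content("\n".join(body))
    return msg

if __name__ == "__main__":
    # Placeholder addresses; hand the message to smtplib to actually send it.
    print(build_alert_mail(parse_events(SAMPLE_LOG), "snort@sensor.example", "soc@example.org"))
```

In this assumed shape the event rows carry only a numeric signature id, so the mail reports ids; mapping them to rule names needs a lookup in the Snort database itself.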




