Honeypots mailing list archives

Alerting


From: Richard Stevens <mail () richardstevens de>
Date: Mon, 31 Mar 2003 23:43:22 +0200

Hi,

right now I'm in the finishing stages of setting up a virtual honeynet based
on UML. This is supposed to be my learning space and also the prototype for
the real thing. I have most things working as I like but I'm a little lost
about how to trigger alerts. Right now the solution I was thinking about is a
filter for syslog-ng on the sniffer machine and the Gen II Gateway which will
filter out the alerts I'd like to get and trigger a script or program to
actually send the mail/sms/pagermessage, depending on the infrastructure
that is accessible for the real implementation. The mails would go out
through separate NICs to not interfere with the honeynet.

I'm not quite sure whether this is a good idea, though.

What's your experience, how do you or would you achieve secure and reliable
alerting? If there is documentation or a guide on it that I should read, I'm
sorry to have asked here. I looked for something but without success. If
there is something, I was too blind to actually find it.

Thanks a lot,

Richard

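As an added illustration (not part of the original post), the kind of "script or program" the design above would hang off a syslog-ng program() destination: it reads the forwarded syslog lines, keeps only the ones the honeynet operator cares about (outbound connections from a honeypot logged by the gateway, and sniffer alerts), and throttles repeats so a single scan does not turn into hundreds of pager messages. The log format, rule patterns, and the delivery hook are assumptions; the sample lines are constructed.

```python
import re
import sys
import time

# Constructed sample lines, in the shape syslog-ng would pipe to a program()
# destination such as: destination d_alert { program("/usr/local/bin/alert.py"); };
SAMPLE_LOGS = [
    "Mar 31 23:40:01 gateway kernel: OUTBOUND: IN=br0 OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=6667",
    "Mar 31 23:40:02 gateway kernel: OUTBOUND: IN=br0 OUT=eth0 SRC=10.0.0.5 DST=192.0.2.10 PROTO=TCP DPT=6667",
    "Mar 31 23:40:05 sniffer snort[1234]: [1:1000:1] HONEYNET inbound probe {TCP} 198.51.100.7:4444 -> 10.0.0.5:22",
    "Mar 31 23:40:09 gateway cron[555]: (root) CMD (run-parts /etc/cron.hourly)",
]

# Assumed rules: name plus a regex whose "key" group is the address used for throttling.
RULES = [
    ("outbound-from-honeypot", re.compile(r"OUTBOUND:.*SRC=(?P<key>[\d.]+)")),
    ("sniffer-alert", re.compile(r"snort\[\d+\]: \[[^\]]+\].*\{\w+\} (?P<key>[\d.]+):\d+ ->")),
]

class AlertFilter:
    """Matches lines against RULES and suppresses repeats of (rule, key) inside a window."""
    def __init__(self, notify, window=300):
        self.notify = notify      # callable(subject, line): mail/SMS/pager delivery hook
        self.window = window      # seconds for which a repeated alert is suppressed
        self.last_sent = {}       # (rule name, key) -> time of last notification

    def process(self, line, now=None):
        now = time.time() if now is None else now
        for name, pattern in RULES:
            m = pattern.search(line)
            if not m:
                continue
            key = (name, m.group("key"))
            last = self.last_sent.get(key)
            if last is not None and now - last < self.window:
                return False      # same alert, same source, still inside the window
            self.last_sent[key] = now
            self.notify(f"[honeynet] {name} {m.group('key')}", line)
            return True
        return False              # no rule matched: not something to page about

def notify_stdout(subject, line):
    # Placeholder delivery; a real deployment sends mail/SMS/pager out the separate NIC here.
    print(subject, "<-", line)

def run(lines, notify=notify_stdout, clock=None):
    """Feed lines through the filter; return the (subject, line) pairs that were alerted."""
    sent = []
    f = AlertFilter(lambda s, l: (sent.append((s, l)), notify(s, l)))
    for i, line in enumerate(lines):
        f.process(line.rstrip("\n"), now=None if clock is None else clock[i])
    return sent

if __name__ == "__main__":
    run(sys.stdin if not sys.stdin.isatty() else SAMPLE_LOGS)
```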

