Snort mailing list archives

Capturing "successful" attacks


From: "Sid" <s_i_d_j () yahoo com>
Date: Mon, 18 Jun 2001 00:09:23 +0530

Hi,

I have Snort Version 1.8 Beta6 (Build 25) running fine (well, almost).  I am
tailing the "alert" file with the logsurfer utility and look out for *successful*
alerts. I use the classification config from whitehats.

The problem is I want to pick up the next four lines after the line in which
the word *successful* appears and mail them to me.

Right now, I just mail a predefined string to myself every time logsurfer
encounters a line with the word *successful* in it.

Any help?

Siddhartha
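
One way to pull each line containing "successful" plus the four lines after it out of the alert file, as an added example that is not part of the original post: a POSIX shell function around awk. The function names, the sample alert text and its layout are constructed for illustration and are assumptions, not output from the poster's sensor.

```shell
#!/bin/sh
# Added example: print every input line containing "successful" together
# with the N lines that follow it (default 4), with "--" between blocks.

extract_successful() {
    awk -v n="${1:-4}" '
        /successful/ {
            # Start a new block only when no earlier window is still open;
            # a match inside an open window just extends that window.
            if (remaining == 0 && blocks++ > 0) print "--"
            print
            remaining = n
            next
        }
        remaining > 0 { print; remaining-- }
    '
}

# Constructed sample input (documentation addresses, made-up alert names).
# The layout is an assumption modelled loosely on a full-format alert file.
sample_alerts() {
    cat <<'EOF'
[**] constructed alert A [**]
[Classification: successful-admin] [Priority: 10]
06/18-00:01:02.000001 192.0.2.10:1025 -> 198.51.100.5:80
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:60
***AP*** Seq: 0x1 Ack: 0x2 Win: 0x7D78 TcpLen: 20

[**] constructed alert B [**]
[Classification: attempted-recon] [Priority: 3]
06/18-00:01:05.000002 192.0.2.11:1026 -> 198.51.100.5:21
TCP TTL:64 TOS:0x0 ID:2 IpLen:20 DgmLen:44
******S* Seq: 0x3 Ack: 0x0 Win: 0x4000 TcpLen: 24

[**] constructed alert C [**]
[Classification: successful-user] [Priority: 9]
06/18-00:01:09.000003 192.0.2.12:1027 -> 198.51.100.5:23
TCP TTL:64 TOS:0x0 ID:3 IpLen:20 DgmLen:52
***AP*** Seq: 0x4 Ack: 0x5 Win: 0x7D78 TcpLen: 20

EOF
}

# Demo: prints alerts A and C from the matching line onward, skipping B.
sample_alerts | extract_successful 4
```

The function reads standard input, so it can be fed from the alert file and its output handed to a mailer instead of a predefined string.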


