RE: How can I setup Snort to e-mail alerts?

["Sheahan, Paul (PCLN-NW)" <Paul.Sheahan () priceline com>]

I set a cron job to run at midnight every night in conjunction with
snort_stat to do it. I love the format of snort_stat reports much better
than the other tools. I send 2 reports every night, one with names resolved
and one without in case I want to compare addresses against traces.

cat alert | snort_stat.pl -r | /usr/lib/sendmail -fNames admin () yourco com
cat alert | snort_stat.pl | /usr/lib/sendmail -fAddresses admin () yourco com

Hope this helps!

Paul


-----Original Message-----
From: Ralf Hildebrandt [mailto:Ralf.Hildebrandt () innominate com]
Sent: Friday, June 22, 2001 4:18 AM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] How can I setup Snort to e-mail alerts?


On Thu, Jun 21, 2001 at 10:22:03PM -0400, Yom, Francis wrote:

> I would like to know how, if it is possible, to set up snort to e-mail
> alerts to an administrator.  

Some other tool must parse the logfile and send mails based on what it
found. Use logcheck or logsurfer or your own flavour of grep and mailx.

-- 
ralf.hildebrandt () innominate com                            innominate AG
Technical Consultant                   Don't be afraid of what you see -
Diplom-Informatiker                     be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX                        fax: +49.(0)30.308806-77

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users