Re: Real-time email notification

[Tim Olson <tolson () unionsemiconductor com>]

I just wondered the same thing yesterday because I couldn't get
smb_alert working, and I read a bit and found out about a package
called "swatch" that does this.  It seems to work ok, but the
catch I see so far is that it scans only the main syslog.  If you
log to /var/log/snort/alerts or something else, it wouldn't
do anything.  It MIGHT be able to do that, but I just haven't
gotten that far in playing with it to find out if I can configure
it to do another log file too.

It does work well on the main syslog though.  It had a few
hiccups in installation getting all the perl modules, but other
than that, i've set it up on a redhat sparc and i386 machine.

Tim

Michael Pickert wrote:
> Hi,
>
> can anybody tell me a way to check the snort-logfiles in real-time and send
> a email to the  admin as a notificaiton of a alert?
>
> __

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users