RE: realtime reporting tool

["Ronneil Camara" <ronneilc () remingtonltd com>]

> -----Original Message-----
> From: Matt Kettler [mailto:mkettler () evi-inc com]
> Sent: Thursday, March 28, 2002 12:25 PM
> To: Ronneil Camara; snort-users () lists sourceforge net
> Subject: Re: [Snort-users] realtime reporting tool
>
>
> Could you be a bit more specific about what you need, and why acid, 
> snortsnarf and demarc are not suited? Based on your question 
> it's pretty 
> hard to come up with an idea of what you really need.

Sorry for not being so detailed. The reason I posted is that I want to evaluate
other reporting tools. 

> If you need some kind of realtime "send me an email if this 
> alert goes 
> off", I'd suggest getting a log watcher, as per the snort FAQ:
>
> 5.7 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
>
> Q: How do I get snort to e-mail me alerts? A: Log to syslog 
> and use swatch 
> or logcheck.

Yeah, I have been using swatch and I like it. I got some question though.
Is there a way where we can automate the creation of swatchrc file? I can
actually create a perl or sh script to do this but I was hoping that there
is already one that does it for swatch.

Thanks.

Neil

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users