Snort mailing list archives

RE: How to enable mail notication?

From: "Glenn E. Bailey III" <gbailey () sprocketdata com>
Date: Wed, 23 Jan 2002 09:58:11 -0600

Here is a quick and really dirty script I run, you have
to setup snort to log via syslog and setup syslog to log
snort alerts to a seperate file .. Only good if you have
a small site really, and like I said, it's dirty:

#!/usr/bin/perl

use strict;

my $snort_log     = '/var/log/snort.log'; # location of snort.log generated
by syslog
my $snort_log_old = '/var/log/snort/old/snort'; # path to dir where to store
old logs
my $notify_log    = '/var/log/snort/notify.log'; # path to log where to log
notifications
my $email         = 'youremail () blah com'; # guess what this is ;-)

open(SNORT_LOG, "$snort_log");

if (! <SNORT_LOG>) {
        exit();
        }

else {
        system("mail $email -s \"Snort alert\" < $snort_log");

        open(NOTIFY, ">>$notify_log");
        my $localtime = localtime();
        print NOTIFY "$localtime - Alert sent to $email\n";
        close NOTIFY;

        my $time = time();
        system("mv $snort_log $snort_log_old.$time");
        system("kill -SIGHUP \`cat /var/run/syslogd.pid\`");
        exit();
        }

-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Erek Adams
Sent: Wednesday, January 23, 2002 9:50 AM
To: My Security
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] How to enable mail notication?


On Wed, 23 Jan 2002, My Security wrote:

I would like to enable sending mail if there is alert
on my email address.

How will I be able to configure this option to the
snort.conf.


You can't.

http://www.snort.org/docs/faq.html#5.7

Also read the users manual from the Documentation page.  The rest of the FAQ
won't hurt either....

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

How to enable mail notication? My Security (Jan 23)
- Re: How to enable mail notication? Erek Adams (Jan 23)
  - RE: How to enable mail notication? Glenn E. Bailey III (Jan 23)
- Re: How to enable mail notication? Matt Kettler (Jan 23)
  - Re: How to enable mail notication? My Security (Jan 23)
- Message not available
  - Re: How to enable mail notication? Ed Kasky (Jan 23)
    - Who's using Snort? Ian Masters (Jan 23)
- Re: How to enable mail notication? Arvind Clemente (Jan 23)
- <Possible follow-ups>
- RE: How to enable mail notication? Michael Aylor (Jan 23)