Snort mailing list archives
RE: How to enable mail notication?
From: Michael Aylor <maylor () swbanktx com>
Date: Wed, 23 Jan 2002 10:54:22 -0600
This is fantastic, been meaning to figure out how to do this... Can you provide a glimpse of what your syslog.conf file looks like? Mike -----Original Message----- From: Glenn E. Bailey III [mailto:gbailey () sprocketdata com] Sent: Wednesday, January 23, 2002 9:58 AM To: snort-users () lists sourceforge net Subject: RE: [Snort-users] How to enable mail notication? Here is a quick and really dirty script I run, you have to setup snort to log via syslog and setup syslog to log snort alerts to a seperate file .. Only good if you have a small site really, and like I said, it's dirty: #!/usr/bin/perl use strict; my $snort_log = '/var/log/snort.log'; # location of snort.log generated by syslog my $snort_log_old = '/var/log/snort/old/snort'; # path to dir where to store old logs my $notify_log = '/var/log/snort/notify.log'; # path to log where to log notifications my $email = 'youremail () blah com'; # guess what this is ;-) open(SNORT_LOG, "$snort_log"); if (! <SNORT_LOG>) { exit(); } else { system("mail $email -s \"Snort alert\" < $snort_log"); open(NOTIFY, ">>$notify_log"); my $localtime = localtime(); print NOTIFY "$localtime - Alert sent to $email\n"; close NOTIFY; my $time = time(); system("mv $snort_log $snort_log_old.$time"); system("kill -SIGHUP \`cat /var/run/syslogd.pid\`"); exit(); } -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Erek Adams Sent: Wednesday, January 23, 2002 9:50 AM To: My Security Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] How to enable mail notication? On Wed, 23 Jan 2002, My Security wrote:
I would like to enable sending mail if there is alert on my email address. How will I be able to configure this option to the snort.conf.
You can't. http://www.snort.org/docs/faq.html#5.7 Also read the users manual from the Documentation page. The rest of the FAQ won't hurt either.... ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users CONFIDENTIALITY NOTICE: ************************************************************************ The information contained in this ELECTRONIC MAIL transmission is confidential. It may also be privileged work product or proprietary information. This information is intended for the exclusive use of the addressee(s). If you are not the intended recipient, you are hereby notified that any use, disclosure, dissemination, distribution [other than to the addressee(s)], copying or taking of any action because of this information is strictly prohibited. ************************************************************************
Current thread:
- How to enable mail notication? My Security (Jan 23)
- Re: How to enable mail notication? Erek Adams (Jan 23)
- RE: How to enable mail notication? Glenn E. Bailey III (Jan 23)
- Re: How to enable mail notication? Matt Kettler (Jan 23)
- Re: How to enable mail notication? My Security (Jan 23)
- Message not available
- Re: How to enable mail notication? Ed Kasky (Jan 23)
- Who's using Snort? Ian Masters (Jan 23)
- Re: How to enable mail notication? Ed Kasky (Jan 23)
- Re: How to enable mail notication? Erek Adams (Jan 23)
- Re: How to enable mail notication? Arvind Clemente (Jan 23)
- <Possible follow-ups>
- RE: How to enable mail notication? Michael Aylor (Jan 23)