Re: running a script when a match is found

[Michael Boman <michael.boman () securecirt com>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

On Tuesday 07 May 2002 22:23, Lookman Fazal wrote:
> Now what I want to do is, when it writes the sender's IP address in this
> /var/log/snort directory, I want to, at the same time run a script,
> which will take the sender's IP address and telnet to my router and add
> an access-list to deny this sender. How do I invoke a script in snort
> when a pattern matches?
>
> Is there a way to do this?  Any help will be greatly appreciated
>
> --Fazal

I haven't tries this myself, but why not try out SnortSam(.net) that can 
re-configure firewalls and routers.

/Mike

- -- 
Michael Boman
Security Architect, SecureCiRT (A SBU of Z-Vance Pte Ltd)
http://www.securecirt.com
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE81/02ds5fQJiraJwRAll0AJ9vTev0XAdmSjAGIqPXlTB4jMsQbgCbBzdO
CC63zmoq77OWuTBSXz6RPjE=
=DEA3
-----END PGP SIGNATURE-----

_______________________________________________________________

Have big pipes? SourceForge.net is looking for download mirrors. We supply
the hardware. You get the recognition. Email Us: bandwidth () sourceforge net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users