Snort mailing list archives
Re: running a script when a match is found
From: Frank Knobbe <fknobbe () knobbeits com>
Date: 07 May 2002 21:50:34 -0500
On Tue, 2002-05-07 at 11:13, Michael Boman wrote:
> On Tuesday 07 May 2002 22:23, Lookman Fazal wrote:
> > Now what I want to do is, when it writes the sender's IP address in this /var/log/snort directory, I want to, at the same time run a script, which will take the sender's IP address and telnet to my router and add an access-list to deny this sender. How do I invoke a script in snort when a pattern matches? Is there a way to do this? Any help will be greatly appreciated
> > --Fazal
>
> I haven't tried this myself, but why not try out SnortSam(.net) that can re-configure firewalls and routers.

Hey Mike, long time no chat.

Yes, you can use SnortSam. If the router in question is a Cisco router, that plugin is already available (although still in beta). If you need to run other routers/script, you could use the fwexec method which calls a script/binary with certain parameters. I know of at least one guy doing this. I was thinking about adding a generic script plugin, but fwexec seems to work fine.

Later,
Frank
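
A script of the kind this thread discusses, as an added example that is not part of the original messages and not SnortSam code: it checks the address it is handed before turning it into a Cisco-style deny entry, so that malformed input or one of your own hosts never reaches the router. Assumptions: the caller passes the offending IPv4 address as the first argument (the thread does not list fwexec's parameters), and the ACL number and never-block addresses are constructed values.

```shell
#!/bin/sh
# Added example: turn an alert's source address into one router deny entry.
# Assumption: the caller passes the offending IPv4 address as $1.

ACL_NUMBER=101                      # constructed value
NEVER_BLOCK="192.0.2.1 192.0.2.53"  # constructed: own gateway and DNS server

# Succeed only for a strict dotted-quad IPv4 address (digits and dots only).
is_ipv4() {
    case "$1" in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        # Reject leading zeros and anything longer than three digits.
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
    return 0
}

# Succeed if the address is one that must never be blocked.
is_protected() {
    for keep in $NEVER_BLOCK; do
        if [ "$keep" = "$1" ]; then return 0; fi
    done
    return 1
}

# Print the deny entry for a valid, unprotected address; otherwise fail.
build_deny_line() {
    if ! is_ipv4 "$1"; then
        echo "rejected: not an IPv4 address" >&2; return 2
    fi
    if is_protected "$1"; then
        echo "rejected: $1 is on the never-block list" >&2; return 3
    fi
    printf 'access-list %s deny ip host %s any\n' "$ACL_NUMBER" "$1"
}

# Run only when an argument is supplied, so the file can also be sourced.
if [ "$#" -gt 0 ]; then
    build_deny_line "$1"
fi
```

The script only prints the entry; how it is delivered to the router is left to the surrounding tooling.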