RE: Email alerts for ACID + LogSentry

["Graham Cooper" <gcooper () servecast com>]

Hi guys,

Still stuck here !!

I have installed LogSentry successfully, but I still cant get my alerts
to be sent via email !!!

I have Snort logging successfully to MySQL/Acid, but cannot seem to get
Snort to log to a file which Logsentry will recognise.

For example, Snort seems to be logging to "Snort-XXXXX.log" - this log
file name changes every time Snort starts so I cannot define it in
Logsentry.sh (config file).

Is this log file just meant to be called "snort.log" - that's what I
have picked up from the various documentation on the web ?? but I cannot
see where to change this.

Also - is there further configuration needed for Log Sentry ?

A lot of questions I know, but I'm pulling my hair out here trying to
make sense of the various docs on the web :)

Hopefully someone can shed some light ???

Many thanks in advance.

Graham Cooper
Servecast



-----Original Message-----
From: Poppi, Sandro [mailto:Sandro.Poppi () wacker com]
Sent: 05 July 2002 15:23
To: Graham Cooper; Hicks, John; snort-users () lists sourceforge net
Subject: AW: [Snort-users] Email alerts for ACID


Hi,

I use Mandrake's packages. You might take a look on my HOWTO at
http://www.lug-burghausen.org/projects/index.html#snort-stat

HTH,
Sandro
> Hi All,
>
> I have tried setting up Swatch to send alerts from my log 
> files, but am
> having dependency problems with the "perl-File-Tail-xx" file, i.e. I
> cannot find a suitable RPM/Source for the Redhat 7.2 distro.
>
> This is relating to installing Swatch to send Snort alerts via email.
> Can anyone help ?
>
> Many Thanks in advance.
>
> Regards,
>
> Graham Cooper
> Servecast.
>
>
>
> -----Original Message-----
> From: Hicks, John [mailto:JHicks () JUSTICE GC CA]
> Sent: 04 July 2002 16:49
> To: Graham Cooper; snort-users () lists sourceforge net
> Subject: RE: [Snort-users] Email alerts for ACID
>
>
> All you need to do is make the PHP see a valid SMTP server. 
> THis server
> doesn't have to be local, just a useable one. ACID info is 
> avail iin the
> FAQ
> here: http://www.andrew.cmu.edu/~rdanyliw/snort/acid_faq.html#faq_b11
>
> The following lines are to be set up in c:\winnt\php.ini (default
> location):
>
>       [mail function]
>       ; For Win32 only.
>       SMTP =  [IPADDRESS] ; for Win32 only
>
>       ; For Win32 only.
>       sendmail_from =  root@localhost ; for Win32 only
>
>       ; For Unix only.  You may supply arguments as well (default:
> 'sendmail -t -i').
>       ;sendmail_path =
>
> Obviously, this is setup for Win32 SMTP. I'm not to sure when 
> this file
> is
> in *nix, but it's there somewhere.
>
> HTH,
>
> John Hicks
>
> -----Original Message-----
> From: Graham Cooper [mailto:gcooper () servecast com]
> Sent: Thursday, July 04, 2002 5:49 AM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Email alerts for ACID
>
>
> Hi There,
>
> I am trying to set up email alerting for alerts that are logged from
> Snort to MySQL/ACID (on RedHat 7.2).
>
> Do I need to set up Sendmail on the Linux box to send the email alerts
> ?, also is there configuration required in PHP ?
>
> I can't seem to find any info on this - can anyone point me 
> in the right
> direction ?
>
> Regards,
>
> Graham Cooper
> Servecast
>
>
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.372 / Virus Database: 207 - Release Date: 20/06/2002
>  
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Caffeinated soap. No kidding.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.372 / Virus Database: 207 - Release Date: 20/06/2002
>  
>
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.372 / Virus Database: 207 - Release Date: 20/06/2002
>  
>
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Bringing you mounds of caffeinated joy.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

---
Incoming mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.372 / Virus Database: 207 - Release Date: 20/06/2002
 

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.372 / Virus Database: 207 - Release Date: 20/06/2002
 


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Got root? We do.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users