Snort mailing list archives
RE: Email alerts for ACID + LogSentry
From: "Graham Cooper" <gcooper () servecast com>
Date: Sun, 7 Jul 2002 00:07:05 +0100
Hi guys,

Still stuck here!! I have installed LogSentry successfully, but I still can't get my alerts to be sent via email!!! I have Snort logging successfully to MySQL/ACID, but cannot seem to get Snort to log to a file which LogSentry will recognise.

For example, Snort seems to be logging to "Snort-XXXXX.log" - this log file name changes every time Snort starts so I cannot define it in Logsentry.sh (config file). Is this log file just meant to be called "snort.log" - that's what I have picked up from the various documentation on the web?? But I cannot see where to change this.

Also - is there further configuration needed for LogSentry?

A lot of questions I know, but I'm pulling my hair out here trying to make sense of the various docs on the web :)

Hopefully someone can shed some light???

Many thanks in advance.

Graham Cooper
Servecast

-----Original Message-----
From: Poppi, Sandro [mailto:Sandro.Poppi () wacker com]
Sent: 05 July 2002 15:23
To: Graham Cooper; Hicks, John; snort-users () lists sourceforge net
Subject: AW: [Snort-users] Email alerts for ACID

Hi,

I use Mandrake's packages. You might take a look at my HOWTO at
http://www.lug-burghausen.org/projects/index.html#snort-stat

HTH,
Sandro
Hi All,

I have tried setting up Swatch to send alerts from my log files, but am having dependency problems with the "perl-File-Tail-xx" file, i.e. I cannot find a suitable RPM/Source for the Redhat 7.2 distro. This is relating to installing Swatch to send Snort alerts via email.

Can anyone help?

Many thanks in advance.

Regards,
Graham Cooper
Servecast.

-----Original Message-----
From: Hicks, John [mailto:JHicks () JUSTICE GC CA]
Sent: 04 July 2002 16:49
To: Graham Cooper; snort-users () lists sourceforge net
Subject: RE: [Snort-users] Email alerts for ACID

All you need to do is make the PHP see a valid SMTP server. This server doesn't have to be local, just a useable one. ACID info is available in the FAQ here:
http://www.andrew.cmu.edu/~rdanyliw/snort/acid_faq.html#faq_b11

The following lines are to be set up in c:\winnt\php.ini (default location):

    [mail function]
    ; For Win32 only.
    SMTP = [IPADDRESS] ; for Win32 only
    ; For Win32 only.
    sendmail_from = root@localhost ; for Win32 only
    ; For Unix only. You may supply arguments as well (default: 'sendmail -t -i').
    ;sendmail_path =

Obviously, this is set up for Win32 SMTP. I'm not too sure when this file is in *nix, but it's there somewhere.

HTH,
John Hicks

-----Original Message-----
From: Graham Cooper [mailto:gcooper () servecast com]
Sent: Thursday, July 04, 2002 5:49 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Email alerts for ACID

Hi There,

I am trying to set up email alerting for alerts that are logged from Snort to MySQL/ACID (on RedHat 7.2). Do I need to set up Sendmail on the Linux box to send the email alerts? Also, is there configuration required in PHP? I can't seem to find any info on this - can anyone point me in the right direction?

Regards,
Graham Cooper
Servecast

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.372 / Virus Database: 207 - Release Date: 20/06/2002

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
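Added example, not part of the original thread or of ACID/PHP: a small check of the [mail function] excerpt quoted in John Hicks's message, reporting which transport PHP mail() would use on each platform and what is still unset. The function names and the SAMPLE text are constructed here; the Unix branch relies on the excerpt's own "For Win32 only" / "For Unix only" comments.

```python
import configparser

DEFAULT_SENDMAIL = "sendmail -t -i"   # default quoted in the php.ini comment in the thread
PLACEHOLDER = "[IPADDRESS]"           # literal placeholder from the thread's excerpt


def mail_settings(ini_text):
    """Parse php.ini text and return its [mail function] keys (lowercased)."""
    cp = configparser.ConfigParser(
        interpolation=None, strict=False,
        comment_prefixes=(";", "#"), inline_comment_prefixes=(";",),
    )
    cp.read_string(ini_text)
    if not cp.has_section("mail function"):
        return {}
    return {key: value.strip() for key, value in cp.items("mail function")}


def check_mail_config(ini_text, platform):
    """Return (transport, findings) for platform 'win32' or 'unix'."""
    s = mail_settings(ini_text)
    smtp = s.get("smtp", "")
    findings = []
    if platform == "win32":
        if smtp in ("", PLACEHOLDER):
            findings.append("SMTP is not set to a real mail server")
        if not s.get("sendmail_from"):
            findings.append("sendmail_from is not set")
        return "smtp:" + smtp, findings
    # Unix: the SMTP and sendmail_from lines are marked "For Win32 only".
    if smtp:
        findings.append("SMTP is set but is a Win32-only setting; mail goes via sendmail_path")
    return s.get("sendmail_path") or DEFAULT_SENDMAIL, findings


# Constructed sample: the excerpt from the thread, placeholder left unfilled.
SAMPLE = """\
[mail function]
; For Win32 only.
SMTP = [IPADDRESS] ; for Win32 only
; For Win32 only.
sendmail_from = root@localhost ; for Win32 only
; For Unix only. You may supply arguments as well (default: 'sendmail -t -i').
;sendmail_path =
"""

if __name__ == "__main__":
    for platform in ("win32", "unix"):
        print(platform, check_mail_config(SAMPLE, platform))
```

On a Linux host such as the RedHat 7.2 box in the question, the check shows that filling in SMTP alone changes nothing: mail leaves through the local sendmail command.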