RE: Email alerts for ACID


From: "Graham Cooper" <gcooper () servecast com>
Date: Mon, 8 Jul 2002 09:49:10 +0100

Hi Erek,

After much investigation (and frustration with Logwatch!) I have gotten a feasible solution to work with Snort/ACID which will email me alerts on preconfigured parameters outlined in Logsentry (www.psionic.com).

I have configured Logsentry to monitor the log files based on certain parameters (which incidentally I configured through Webmin's Logsentry module).

Logsentry then sends the alerts to Sendmail and on to my own mail server. The configuration for the destination email address and mail server exe are in Logsentry.sh.

Rgds,

Graham Cooper
Servecast


-----Original Message-----
From: Erek Adams [mailto:erek () theadamsfamily net]
Sent: 08 July 2002 05:28
To: Semerjian, Ohanes
Cc: 'Poppi, Sandro'; Graham Cooper; Hicks, John;
snort-users () lists sourceforge net
Subject: RE: [Snort-users] Email alerts for ACID


On Mon, 8 Jul 2002, Semerjian, Ohanes wrote:

Since this subject is on the table, here is my question, and I hope someone could assist. I'm logging Snort alerts to MySQL and using ACID also; what I'm trying to achieve is to get the alerts to my mailbox, then I'll investigate the alerts of interest (not using swatch, because I don't want to log twice) rather than me spending time checking ACID every day.

Unless something has radically changed in ACID, it does _not_ have the function you are after. Yes, it does have an 'Email Alerts' function, but that just simply sends the alert onscreen as an email to an address.

You might want to consider using swatch to watch your alert file and not your syslog. You'll have to tweak the swatch.conf file, but it shouldn't be too evil. IIRC, somewhere in the snort-users archives, there is a snippet of a swatch script to do just that.

I might be wrong on all this--I don't have an ACID server up and going right now. *sigh* Just one more reason I _really_ need to get my testlab back up and working at full steam again....

Hope that helps some!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
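Both replies above describe the same pattern: watch the Snort alert file itself (rather than syslog or the ACID database), keep only the alerts that meet some preconfigured parameters, and hand the result to the local mailer. The script below is an added example of that pattern, not code from the thread, from swatch or from Logsentry. It parses Snort's "alert_fast" line format, applies a priority/SID/message filter, collapses repeated hits so a port scan does not turn into five hundred emails, and builds the digest as an email message. The alert lines, SIDs, addresses and thresholds are constructed for illustration; sending via SMTP is kept in a separate function so the rest can be exercised without a mail server.

```python
"""Mail a digest of selected Snort alerts read from the alert_fast file.

Added example for the snort-users thread above; the sample alerts, SIDs,
addresses and filter settings are constructed, not taken from the thread.
"""
import re
import smtplib
from collections import Counter
from email.message import EmailMessage

# One Snort "alert_fast" line per event (IPv4 only here):
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: ...]
#   [Priority: n] {PROTO} src:port -> dst:port     (no ports for ICMP,
#   and the Classification block is absent when the rule has no classtype)
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\d+(?:\.\d+){3})(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>\d+(?:\.\d+){3})(?::(?P<dport>\d+))?\s*$"
)


def parse_alert(line):
    """Return a dict of fields for one alert line, or None if it is not one."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    a = m.groupdict()
    for k in ("gid", "sid", "rev", "prio"):
        a[k] = int(a[k])
    a["sport"] = int(a["sport"]) if a["sport"] else None
    a["dport"] = int(a["dport"]) if a["dport"] else None
    return a


class AlertFilter:
    """The 'preconfigured parameters': an alert is mailed if its priority is at
    or above the threshold (Snort: 1 is the most severe), its SID is listed
    explicitly, or its message matches a pattern; SIDs in `ignore` never mail."""

    def __init__(self, max_priority=1, sids=(), msg_patterns=(), ignore=()):
        self.max_priority = max_priority
        self.sids = set(sids)
        self.ignore = set(ignore)
        self.msg_res = [re.compile(p, re.IGNORECASE) for p in msg_patterns]

    def wants(self, a):
        if a["sid"] in self.ignore:
            return False
        if a["prio"] <= self.max_priority or a["sid"] in self.sids:
            return True
        return any(r.search(a["msg"]) for r in self.msg_res)


def select_alerts(lines, flt):
    """Parse every line, keep what the filter wants, and collapse repeats of
    the same (sid, src, dst) into one entry carrying a hit count."""
    counts = Counter()
    first_seen = {}
    for line in lines:
        a = parse_alert(line)
        if a is None or not flt.wants(a):
            continue
        key = (a["sid"], a["src"], a["dst"])
        counts[key] += 1
        first_seen.setdefault(key, a)
    return [dict(first_seen[k], count=n) for k, n in counts.most_common()]


def build_digest(alerts, sender, recipient, subject="Snort alert digest"):
    """Compose the notification as an EmailMessage; sending is separate."""
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, recipient, subject
    body = [f"{len(alerts)} alert group(s) matched the notification filter:", ""]
    for a in alerts:
        body.append(
            f"{a['count']:4d}x  prio {a['prio']}  [{a['gid']}:{a['sid']}:{a['rev']}] "
            f"{a['msg']}  {a['proto']} {a['src']} -> {a['dst']}  (first {a['ts']})"
        )
    msg.set_content("\n".join(body))
    return msg


def send_digest(msg, smtp_host="localhost"):
    """Hand the message to the local MTA (e.g. sendmail listening on port 25)."""
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)


# Constructed sample alert file: documentation addresses, made-up SIDs.
SAMPLE_ALERT_FILE = """\
07/08-09:12:01.113420  [**] [1:9000001:1] CONSTRUCTED web scanner probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:33456 -> 198.51.100.5:80
07/08-09:12:01.201877  [**] [1:9000001:1] CONSTRUCTED web scanner probe [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.10:33457 -> 198.51.100.5:80
07/08-09:12:05.000001  [**] [1:9000002:2] CONSTRUCTED ICMP ping sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.10 -> 198.51.100.5
07/08-09:13:17.555555  [**] [1:9000003:1] CONSTRUCTED ftp login brute force [**] [Classification: Misc Attack] [Priority: 3] {TCP} 203.0.113.7:51002 -> 198.51.100.9:21
07/08-09:13:18.000000  [**] [1:9000004:1] CONSTRUCTED noisy internal chatter [**] [Priority: 1] {UDP} 198.51.100.2:137 -> 198.51.100.255:137
this line is not an alert and is skipped
"""

# Constructed filter: mail priority-1 hits, always mail SID 9000002, mail any
# brute-force message, and never mail the known-noisy SID 9000004.
DEFAULT_FILTER = AlertFilter(max_priority=1, sids={9000002},
                             msg_patterns=[r"brute ?force"], ignore={9000004})

if __name__ == "__main__":
    digest = build_digest(select_alerts(SAMPLE_ALERT_FILE.splitlines(), DEFAULT_FILTER),
                          "snort@example.com", "admin@example.com")
    print(digest)  # add send_digest(digest) once the filter is tuned
```

In practice this would run from cron over the lines appended since the previous run (or read from `tail -f` of the alert file), which is what swatch and Logsentry do for you; the grouping step is the part worth keeping whichever tool does the watching, because a single noisy source can otherwise flood the mailbox the notifications were meant to relieve.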

