Snort mailing list archives
RE: RE: What are folks doing for alerting
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Tue, 19 Nov 2002 15:28:00 -0700
Are you logging only to mysql and there is no alert file ? That would change things quite a lot and would render automated email alerts much more complicated. Perhaps consider implementing snortsam on the firewall and generate the alerts from within its constructs ? -----Original Message----- From: BCL IP Network Operations [mailto:NOC () bclnz com] Sent: Tuesday, November 19, 2002 3:23 PM To: tslighter () itc nrcs usda gov; snort-users () lists sourceforge net; jared.bergeron () opbu xerox com Subject: Re: RE: [Snort-users] What are folks doing for alerting I thought swatch would be OK too. But what about if you're logging to mysql? Or does snort do both. hmm, I'm confused, me thinks RTFM....
"Slighter, Tim" <tslighter () itc nrcs usda gov> 11/20 10:11 AM >>>
swatch works decent too -----Original Message----- From: Bergeron, Jared [mailto:jared.bergeron () opbu xerox com] Sent: Tuesday, November 19, 2002 1:03 PM To: 'snort-users () lists sourceforge net' Subject: [Snort-users] What are folks doing for alerting I was just curious what people are doing for alerting, if any... Acid is working great but would like to get a email when a box starts spewing code red for instance... Thanks Regards, --------------------- Jared Bergeron Systems Analyst XEROX Office Printing Business ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This sf.net email is sponsored by: To learn the basics of securing your web site with SSL, click here to get a FREE TRIAL of a Thawte Server Certificate: http://www.gothawte.com/rd524.html _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- What are folks doing for alerting Bergeron, Jared (Nov 19)
- Re: What are folks doing for alerting hackerwacker (Nov 19)
- Re: What are folks doing for alerting Distribution Lists (Nov 19)
- <Possible follow-ups>
- RE: What are folks doing for alerting Slighter, Tim (Nov 19)
- RE: What are folks doing for alerting Ibarra, Michael (Nov 19)
- Re: What are folks doing for alerting hackerwacker (Nov 19)
- RE: What are folks doing for alerting Ibarra, Michael (Nov 19)
- RE: RE: What are folks doing for alerting Slighter, Tim (Nov 19)
- Re: What are folks doing for alerting Michael J. McCasland (Nov 20)
- Re: RE: What are folks doing for alerting BCL IP Network Operations (Nov 20)