Snort mailing list archives

ACID/procmail/incident.pl


From: Shane Hickey <shane () howsyournetwork com>
Date: 24 Nov 2002 13:59:36 -0700

Howdy all,
Before I got Snort/MySQL/ACID working, I was just sending snort alerts
to syslog.  Then, each night I had a script that would grep the snort
events out of the logs and e-mail them to me.  Then I would run through
the whole thing using the incident.pl script
(http://freshmeat.net/projects/incident.pl/).

Anyway, now I'm loving ACID, but I was wondering if anyone knew of a
better way to do reporting on snort incidents using ACID.  Here's what
I'm doing now.  I'll go through the incidents sorted by Source Address;
then, when I have a particular query that looks naughty, I'll e-mail that to
myself.  Then I have a procmail recipe that dumps all of these e-mail
bodies to a folder.  Then I have a cron job that processes this folder
using the incident.pl script.  I'm sure there must be a better way, but
I'm not even partially competent with procmail.  Anyway, just seeing
what other people are doing on this.

Shane
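The nightly "grep the snort events out of syslog and report them by source address" step described in the post can be done without the e-mail/procmail hop. The script below is an added example for this thread, not code from the post, from incident.pl, or from the Snort project. It assumes the alert line layout written by Snort's syslog output (`snort[pid]: [gid:sid:rev] message [Classification: ...] [Priority: n]: {PROTO} src:port -> dst:port`), skips non-Snort and malformed lines, and groups what is left by source address the same way the post sorts incidents in ACID. The syslog lines embedded in it are constructed sample data.

```python
import re

# Constructed sample syslog excerpt (not from the post): three Snort alerts,
# one unrelated sshd line, and one malformed snort line that must be skipped.
SAMPLE_SYSLOG = """\
Nov 24 13:59:36 gw snort[4242]: [1:1421:3] SNMP AgentX/tcp request [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.7:33456 -> 192.168.1.10:705
Nov 24 14:01:02 gw sshd[811]: Accepted publickey for shane from 192.168.1.5 port 51022
Nov 24 14:02:15 gw snort[4242]: [1:1421:3] SNMP AgentX/tcp request [Classification: Attempted Information Leak] [Priority: 2]: {TCP} 10.0.0.7:33457 -> 192.168.1.11:705
Nov 24 14:05:40 gw snort[4242]: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.9 -> 192.168.1.10
Nov 24 14:06:01 gw snort[4242]: this line is malformed and should be skipped
"""

# Assumed Snort syslog alert layout. The Classification field is optional
# because not every rule carries a classtype; ports are optional for ICMP.
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d{1,2} \d\d:\d\d:\d\d) \S+ snort\[\d+\]: "
    r"\[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.+?) "
    r"(?:\[Classification: (?P<cls>[^\]]+)\] )?"
    r"\[Priority: (?P<pri>\d+)\]: "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_alerts(syslog_text):
    """Return one dict per Snort alert line; anything that does not match is dropped."""
    alerts = []
    for line in syslog_text.splitlines():
        m = ALERT_RE.match(line)
        if m:
            rec = m.groupdict()
            rec["pri"] = int(rec["pri"])  # Snort priority: 1 is the most severe
            alerts.append(rec)
    return alerts


def summarize_by_source(alerts):
    """Group alerts by source address: count, distinct signatures, targets, worst priority."""
    summary = {}
    for a in alerts:
        s = summary.setdefault(
            a["src"], {"count": 0, "sigs": set(), "dsts": set(), "worst_pri": None}
        )
        s["count"] += 1
        s["sigs"].add(f'{a["sid"]} {a["msg"]}')
        s["dsts"].add(a["dst"])
        if s["worst_pri"] is None or a["pri"] < s["worst_pri"]:
            s["worst_pri"] = a["pri"]
    return summary


def format_report(summary):
    """Render the per-source summary, noisiest source first, as plain text for mailing."""
    lines = []
    for src, s in sorted(summary.items(), key=lambda kv: (-kv[1]["count"], kv[0])):
        lines.append(
            f"{src}: {s['count']} alert(s), worst priority {s['worst_pri']}, "
            f"{len(s['dsts'])} target(s)"
        )
        for sig in sorted(s["sigs"]):
            lines.append(f"    {sig}")
    return "\n".join(lines)


if __name__ == "__main__":
    # Nightly use would read the real syslog file instead of SAMPLE_SYSLOG.
    print(format_report(summarize_by_source(parse_alerts(SAMPLE_SYSLOG))))
```

Run from cron with the day's syslog piped in (for example `grep 'snort\[' /var/log/messages | python3 report.py` after changing the `__main__` block to read `sys.stdin`), and the text it prints is the per-source digest the post builds by hand; the regex is the part to adjust if a different Snort version changes the syslog line layout.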




_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net