Snort mailing list archives
Re: Snort, Windows 2000 - running external program/script on alert.
From: Matt Kettler <mkettler () evi-inc com>
Date: Fri, 20 Dec 2002 14:09:57 -0500
Please read the detailed response to this question in the Snort FAQ regarding external execution: http://www.snort.org/docs/faq.html#5.9 and regarding email: http://www.snort.org/docs/faq.html#5.7In short, snort can't directly execute an external program without opening a loophole the size of texas in your IDS (it WILL drop packets for quite a long time while trying to exec the external program).
At 12:29 PM 12/20/2002 -0500, Brian Strickland wrote:
is there a way directly from snort to run an external program when an alert is generated or indirectly (reviewing log file or sql database) to run an external program when a alert occurs. Like send an email, pager program, etc. Brian Strickland ------------------------------------------------------- This SF.NET email is sponsored by: The Best Geek Holiday Gifts! Time is running out! Thinkgeek.com has the coolest gifts for your favorite geek. Let your fingers do the typing. Visit Now. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
------------------------------------------------------- This SF.NET email is sponsored by: The Best Geek Holiday Gifts! Time is running out! Thinkgeek.com has the coolest gifts for your favorite geek. Let your fingers do the typing. Visit Now. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort, Windows 2000 - running external program/script on alert. Brian Strickland (Dec 20)
- Re: Snort, Windows 2000 - running external program/script on alert. Matt Kettler (Dec 20)