Snort mailing list archives
RE: snort+mysql+acid
From: "Scott, Joshua" <Joshua.Scott () jacobs com>
Date: Tue, 4 Feb 2003 17:56:47 -0500
I've done something similar using a Perl script. The script basically looks for various signatures that I specify and sends an email if there are any matches. I've set it to run every 10 minutes so it's not "instant" notification but it is acceptable for now.

It may be possible to have instant notification by way of database triggers or a similar function in MySQL. I'm in no way a database person so I don't even know if MySQL supports triggers. I'd also like to hear what other people have done for email alerting with ACID/SnortCenter.

Joshua Scott
Security Systems Analyst, CISSP

-----Original Message-----
From: Alan McCarty [mailto:amccarty () ecornell com]
Sent: Tuesday, February 04, 2003 2:02 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] snort+mysql+acid

Hi all-

I'm running well so far with a distributed snort setup. I have a big tank of a server running mysql/acid/snortcenter, with smaller snort sensors on various remote subnets. I'd like to know if anyone has come up with a simple solution to centralized instant notification of alerts, other than logwatchers, etc.

I have read posts of people hacking code to replace smb_client messaging with sendmail commands, using syslog, snmp trapping, etc. However, these notifications come from the sensors, not the central server. I realize I can forward this information to our central server and then on from there, but the information is already on the server, stored in the mysql database.

I imagine this has been considered, but is there a good reason why it hasn't been implemented in any way? It seems like an elegant add-on to what is so far a very solid IDS solution.

Thanks for any input.

-Alan
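The polling approach described in the reply above, as an added example (this is not Joshua's Perl script or code from the Snort project). It assumes the `event` and `signature` tables written by Snort's database output plugin, cut down to the columns used here, with an in-memory SQLite database standing in for MySQL; the watch list, mail addresses and sample rows are constructed.

```python
import sqlite3
from email.message import EmailMessage

# Hypothetical watch list: substrings of signature names that warrant an e-mail.
WATCHED = ["WEB-IIS cmd.exe", "SHELLCODE"]

def sample_db():
    """Constructed sample data in a cut-down event/signature layout (SQLite stand-in for MySQL)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT);
        CREATE TABLE event (sid INT, cid INT, signature INT, timestamp TEXT,
                            PRIMARY KEY (sid, cid));
        INSERT INTO signature VALUES (1, 'ICMP PING NMAP'), (2, 'WEB-IIS cmd.exe access'),
                                     (3, 'SHELLCODE x86 NOOP');
        INSERT INTO event VALUES (1, 1, 1, '2003-02-04 14:00:01'), (1, 2, 2, '2003-02-04 14:03:10'),
                                 (2, 1, 3, '2003-02-04 14:05:42'), (2, 2, 1, '2003-02-04 14:06:00');
    """)
    return db

def new_matches(db, state, patterns=WATCHED):
    """Return watched events not yet reported; state maps sensor id -> last reported cid."""
    where = " OR ".join("s.sig_name LIKE ?" for _ in patterns)
    rows = db.execute(
        "SELECT e.sid, e.cid, e.timestamp, s.sig_name FROM event e "
        "JOIN signature s ON s.sig_id = e.signature "
        f"WHERE {where} ORDER BY e.sid, e.cid",
        [f"%{p}%" for p in patterns]).fetchall()
    fresh = [r for r in rows if r[1] > state.get(r[0], 0)]
    for sid, cid, _ts, _name in fresh:
        state[sid] = max(state.get(sid, 0), cid)  # per-sensor high-water mark
    return fresh

def build_alert(rows, sender="ids@example.org", rcpt="secops@example.org"):
    """Compose one digest mail per polling run (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"[snort] {len(rows)} watched alert(s)"
    msg.set_content("\n".join(
        f"{ts} sensor={sid} cid={cid} {name}" for sid, cid, ts, name in rows))
    return msg

def poll(db, state):
    """One run, e.g. from cron every 10 minutes; returns a message or None."""
    rows = new_matches(db, state)
    return build_alert(rows) if rows else None  # hand to smtplib.SMTP.send_message to deliver

if __name__ == "__main__":
    print(poll(sample_db(), {}))
```

Between cron runs the `state` dictionary has to be persisted (a small file or table), otherwise every run re-sends all matching alerts already in the database.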