Snort mailing list archives

alert notification mechanisms


From: Ken Gunderson <kgunders () teamcool net>
Date: Thu, 20 Feb 2003 11:57:36 -0700

Greets:

I'm curious about the experiences of others utilizing various alert 
notification systems on Unix platforms.  I like to log to use ACID, but 
also would like some automated notification.  

It seems there are two basic strategies for this: writing alerts to logs 
and doing some regexp post-processing with the likes of swatch or 
logsurfer, or piping alerts through syslogd.  I've defaulted to swatch in 
the past, but am interested in exploring more modern options, 
especially since the most recent release of swatch sports the throttle 
bug.  Logsurfer can get kind of fat on the resources and get 
complex in a hurry.  

The syslogd approach makes it easy to mail/exec on various triggers, but 
doesn't support throttling.  So you end up turning to syslogd 
replacements like syslog-ng or msyslog.  The msyslog approach looks 
like it could have some interesting potential, since you can chain 
together various processing modules like regexp, classic, mysql, etc., 
and it basically follows the syntax of existing syslog.  I am reluctant to 
replace something as sensitive as syslogd on a security-sensitive 
application, however, particularly since OpenBSD, the platform it was 
developed on, doesn't even sport it in its ports collection....

Any thoughts/experiences you fellow Unix geeks would like to share?  
Thanks bunches.

-- 
Best regards,

Ken Gunderson
PGP Key-- 9F5179FD

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.
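The throttled post-processing strategy discussed above, as an added example that is not part of the original thread: a small Python filter over Snort's alert_fast log that forwards an alert at most once per signature and source IP within a window, so a noisy rule does not flood the mailbox. It assumes Snort's standard alert_fast line layout; the sample lines, SIDs and addresses are constructed, and the actual mail/exec step is left to the caller.

```python
import re
from collections import defaultdict, deque

# Matches Snort's "alert_fast" output format, one alert per line.
ALERT_RE = re.compile(
    r'^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+'
    r'\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]'
    r'.*?\[Priority:\s*(?P<prio>\d+)\].*?\{(?P<proto>\w+)\}\s+'
    r'(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$'
)

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["prio"] = int(d["prio"])          # Snort: 1 is the highest priority
    # Seconds since midnight; day rollover is ignored in this demonstration.
    h, mi, s = d["ts"].split("-")[1].split(":")
    d["secs"] = int(h) * 3600 + int(mi) * 60 + float(s)
    return d

def notify_from_log(lines, max_prio=2, limit=1, window=60):
    """Return alerts to forward: priority <= max_prio, at most `limit` per (sid, source IP) per `window` s."""
    recent = defaultdict(deque)         # (sid, source ip) -> times of forwarded alerts
    forwarded = []
    for line in lines:
        alert = parse_alert(line)
        if alert is None or alert["prio"] > max_prio:
            continue                    # not an alert, or below the notification threshold
        key = (alert["sid"], alert["src"].rsplit(":", 1)[0])   # drop the port, if any
        hits = recent[key]
        while hits and hits[0] <= alert["secs"] - window:
            hits.popleft()              # forget forwarded alerts older than the window
        if len(hits) < limit:
            hits.append(alert["secs"])
            forwarded.append(alert)     # caller mails/execs on these
    return forwarded

# Constructed sample alert_fast lines (RFC 5737 test addresses, made-up local SIDs).
SAMPLE = """\
02/20-11:57:36.000001  [**] [1:1000001:1] TEST portscan detected [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44321 -> 198.51.100.5:22
02/20-11:57:40.000002  [**] [1:1000001:1] TEST portscan detected [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44322 -> 198.51.100.5:23
02/20-11:57:41.000003  [**] [1:1000002:1] TEST ICMP echo [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.11 -> 198.51.100.5
02/20-11:59:00.000004  [**] [1:1000001:1] TEST portscan detected [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 192.0.2.10:44323 -> 198.51.100.5:25
this line is not an alert
"""
```

Running `notify_from_log(SAMPLE.splitlines())` forwards only the first and last portscan alerts: the second is suppressed by the 60-second throttle and the ICMP alert falls below the priority threshold.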


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net