Re: alert notification mechanisms

[Erek Adams <erek () snort org>]

On Thu, 20 Feb 2003, Ken Gunderson wrote:

[...snip...]

> It seems there are two basic strategies for this; write alerts to logs
> and doing some regexp post processing with the likes of swatch or
> logsurfer, or pipe alerts through syslogd.  I've defaulted to swatch in
> the past, but am interested in exploring more modern options.
> Especially since the most recent release of swatch sports the throttle
> bug.  Logsurfer can get get kind of fat on the resources and get
> complex in a hurry.

[...snip...]

There is a third way.  Alert to a named pipe and have something on the
other end that reads/watches the pipe.

No, it's not perfect and it's not as mature as the other output methods,
but it is there and works.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: SlickEdit Inc. Develop an edge.
The most comprehensive and flexible code editor you can use.
Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial.
www.slickedit.com/sourceforge
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users