Snort mailing list archives

RE: Alert notification - HELP!! -URGENT!!


From: "William Metcalf" <count_zero_rod () hotmail com>
Date: Mon, 31 Mar 2003 02:46:09 -0600

If you mean e-mail alerts, use swatch. Download the following packages and install them something like this:


tar -xzvf Bit-Vector*.tar.gz
cd Bit-Vector*
perl Makefile.PL
make && make install
cd ..

tar -xzvf Date-Calc*.tar.gz
cd Date-Calc*
perl Makefile.PL
make && make install
cd ..

tar -xzvf TimeDate*.tar.gz
cd TimeDate*
perl Makefile.PL
make && make install
cd ..

tar -xzvf File-Tail*.tar.gz
cd File-Tail*
perl Makefile.PL
make && make install
cd ..

tar -xzvf Time-HiRes*.tar.gz
cd Time-HiRes*
perl Makefile.PL
make && make install
cd ..

tar -xzvf swatch*.tar.gz
cd swatch*
perl Makefile.PL
make && make install
cd ..

vi /etc/swatchrc
i (to insert new text)

watchfor   /.*/
echo bold
mail addresses=joeuser123\@hotmail.com,subject=---Snort IDS Alert---

ESC (to exit insert mode)
:w (to write file)
:q (to quit vi)

swatch --daemon -c /etc/swatchrc -t /var/log/snort/alert
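
Added example, not part of the original post and not swatch or Snort code: the watchfor /.*/ rule above sends one mail for every line written to the alert file, so this sketch groups alert lines by signature and builds a single digest message instead. It assumes Snort writes one-line "fast" alerts (snort -A fast); the sample lines, addresses, SIDs and the function names are constructed for illustration.

```python
import re
from collections import OrderedDict
from email.message import EmailMessage

# Assumed input: Snort "fast" alert lines (snort -A fast), one alert per line.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]"
    r".*?\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

# Constructed sample data: documentation addresses and local-range SIDs.
SAMPLE_LINES = [
    "03/31-02:40:01.100000  [**] [1:1000001:1] Constructed rule A [**] [Priority: 1] {TCP} 192.0.2.10:4431 -> 198.51.100.5:80",
    "03/31-02:40:02.200000  [**] [1:1000001:1] Constructed rule A [**] [Priority: 1] {TCP} 192.0.2.10:4432 -> 198.51.100.5:80",
    "this line is not an alert and is skipped",
    "03/31-02:41:15.300000  [**] [1:1000002:3] Constructed rule B [**] [Priority: 2] {ICMP} 192.0.2.77 -> 198.51.100.5",
    "03/31-02:45:59.400000  [**] [1:1000001:1] Constructed rule A [**] [Priority: 1] {TCP} 192.0.2.11:5000 -> 198.51.100.5:80",
]

def summarize(lines):
    """Group alert lines by (gid, sid), keeping count, time span and source hosts."""
    groups = OrderedDict()
    for line in lines:
        m = ALERT_RE.match(line)
        if m is None:
            continue  # not an alert line: never mailed
        key = (int(m["gid"]), int(m["sid"]))
        g = groups.setdefault(key, {"msg": m["msg"], "count": 0, "first": m["ts"], "sources": set()})
        g["count"] += 1
        g["last"] = m["ts"]
        g["sources"].add(m["src"].rsplit(":", 1)[0])  # drop the port, if any
    return groups

def build_digest(groups, to_addr, sender="snort@localhost"):
    """Build one mail with one line per signature instead of one mail per log line."""
    body = []
    for (gid, sid), g in groups.items():
        body.append("[%d:%d] %s: %d alert(s), %s to %s, sources: %s" % (
            gid, sid, g["msg"], g["count"], g["first"], g["last"], ", ".join(sorted(g["sources"]))))
    mail = EmailMessage()
    mail["From"], mail["To"] = sender, to_addr
    mail["Subject"] = "---Snort IDS Alert--- (%d signatures)" % len(groups)
    mail.set_content("\n".join(body))
    return mail

if __name__ == "__main__":
    print(build_digest(summarize(SAMPLE_LINES), "admin@example.com"))  # placeholder address
```
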


