Snort mailing list archives
RE: Anyone run ACIS if so - how do I email alerts
From: "Scott, Joshua" <Joshua.Scott () jacobs com>
Date: Tue, 28 Jan 2003 18:16:04 -0800
Here are a couple possibilities: 1) Write your own script (in whatever language you choose) to query the snort database, summarize the results and fire off an email with these results. Have cron run this script at specific intervals. 2) If you log alerts to syslog as well, you could probably use Logcheck or some other log analysis program to get a summary of events. Joshua Scott Security Systems Analyst, CISSP -----Original Message----- From: Scott [mailto:slewis1972 () hotmail com] Sent: Friday, January 24, 2003 6:12 AM To: snort-users () lists sourceforge net Subject: [Snort-users] Anyone run ACIS if so - how do I email alerts I have snort running, along with ACID. Is there a way that when there is an attemped alert, or even get sent a full list of alerts at a certain time to be sent to my email address. I have postfix and IMAP running. Scott ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ============================================================================== NOTICE - This communication may contain confidential and privileged information that is for the sole use of the intended recipient. Any viewing, copying or distribution of, or reliance on this message by unintended recipients is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer. ============================================================================== ------------------------------------------------------- This SF.NET email is sponsored by: SourceForge Enterprise Edition + IBM + LinuxWorld = Something 2 See! http://www.vasoftware.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Anyone run ACIS if so - how do I email alerts Scott (Jan 24)
- Re: Anyone run ACIS if so - how do I email alerts Erek Adams (Jan 24)
- <Possible follow-ups>
- RE: Anyone run ACIS if so - how do I email alerts Scott, Joshua (Jan 28)