Snort mailing list archives

RES: RES: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4] [Snort-users]


From: "Romulo M. Cholewa" <rmc () rmc eti br>
Date: Wed, 29 Jan 2003 01:25:06 -0300

Simply answered all questions with one little program.
 
Thanks!





Romulo M. Cholewa
Home : http://www.rmc.eti.br
Forum: http://zeus.rmc.eti.br/forum
PGP Keys Available @ website.

   "You cannot go back and have a brand new start, but you can   
          start right now and change the way it ends."          
                                                                 
  


        -----Original Message-----
        From: Lok Ying Chung [mailto:rogerchung2 () yahoo com hk] 
        Sent: Wednesday, 29 January 2003 00:17
        To: Romulo M. Cholewa; Michael Steele; snort-users () lists sourceforge net
        Subject: Re: RES: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4] [Snort-users]
        
        

        Hi, 

        I just got IDScenter and it can send e-mail alerts for snort... you can try it. 

        It is available at www.packx.net 

        Regards, 

        Roger Chung 

         "Romulo M. Cholewa" <rmc () rmc eti br> wrote: 

                Hi,
                 
                I just installed Kiwi Syslog Daemon and, as a matter of fact, you won't need to send the alerts to the 
event log, because it can send directly to an email address.
                 
                Regards,
                
                Romulo M. Cholewa
                Home : http://www.rmc.eti.br
                Forum: http://zeus.rmc.eti.br/forum
                PGP Keys Available @ website.
                
                    "Those who make peaceful revolution impossible will make    
                             violent revolution inevitable." -- JFK.             
                                                                                 
                                                                                 
                

                        -----Original Message-----
                        From: Lok Ying Chung [mailto:rogerchung2 () yahoo com hk] 
                        Sent: Tuesday, 28 January 2003 23:16
                        To: Romulo M. Cholewa; Michael Steele; snort-users () lists sourceforge net
                        Subject: Re: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4]
                        
                        

                        Hi Cholewa, 

                        How do I get the Syslog Daemon for Windows 2k Pro? Can it be configured to submit the snort alert log 
to the Windows event log? 

                        Regards, 

                        Roger Chung 

                         "Romulo M. Cholewa" <rmc () rmc eti br> wrote: 

                                Hi Michael,
                                
                                That's good news. With Syslog Daemon, I can configure it to submit the snort alert log 
to the system event log. Then I can use an app like EventWatchNT to send specific alerts to an email address.
                                
                                You can find EventWatchNT here:
                                
                                http://www.webattack.com/get/eventwatch.shtml
                                
                                When I get to the lab I'll test it. Thanks! 
                                
                                Romulo M. Cholewa.
                                
                                
                                
                                -----Original Message----- 
                                From: Michael Steele [mailto:michaels () silicondefense com] 
                                Sent: Tue 1/28/2003 13:44 
                                To: Romulo M. Cholewa; snort-users () lists sourceforge net 
                                Cc: 
                                Subject: RE: sending alerts by email / active response Win2K system [RMC-J7FLJI4]
                                
                                
                                
                                Romulo, 
                                
                                You will need something like Syslog Daemon and run the alerts through that. 
                                It has an option of emailing on certain triggers. If you find a free tool 
                                that works, please let us Windows folks know. The alerts can be sent to the 
                                Event Viewer, application log in Windows and if you can find something to 
                                parse that file and alert, that would be great. 
                                
                                -Michael 
                                -- 
                                Michael Steele | System Engineer / Support Technician 
                                mailto:michaels () silicondefense com 
                                Silicon Defense: IDS solutions - http://www.silicondefense.com 
                                Snort: Open Source Network IDS - http://www.snort.org 
                                
                                
                                -----Original Message----- 
                                From: snort-users-admin () lists sourceforge net 
                                [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Romulo M. 
                                Cholewa 
                                Sent: Monday, January 27, 2003 8:05 PM 
                                To: snort-users () lists sourceforge net 
                                Subject: [Snort-users] sending alerts by email / active response Win2K 
                                system [RMC-J7FLJI4] 
                                
                                Hi All, 
                                
                                Sorry about this bunch of newbie questions. I'm in the process of evaluating 
                                snort, and it's being used on Windows 2000 Server. Everything is running 
                                really smoothly. I had a BSOD, but I think it's related to the packet capture 
                                driver version. 
                                
                                I would like to ask experienced snort users if there are any ways of 
                                emailing some alerts (maybe a perl script of some sort that would parse the 
                                alert.ids file and send emails if it finds a specific alert). Also, if there 
                                are any ways of automating the process of dynamically filtering out some 
                                kinds of attacks. I already know that it will not be easy with Windows 2000, 
                                but maybe snort can be used together with some firewall / filtering product 
                                available. Currently using Zone Alarm Pro. 
                                
                                If these things are possible, I would like to thank in advance anyone who 
                                could point me in the right direction. 
                                
                                Thanks again, 
                                
                                Romulo M. Cholewa 
                                Home : http://www.rmc.eti.br 
                                Forum: http://zeus.rmc.eti.br/forum 
                                PGP Keys Available @ website. 
                                
                                "Those who make peaceful revolution impossible will make 
                                violent revolution inevitable." -- JFK. 
                                
                                
                                
                                
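The original question in this thread asks for a script that parses Snort's alert.ids file and mails out only the alerts of interest, and the first reply suggests something that parses the alert output and alerts on triggers. The following is an added example written for this archive page, not code from Snort, Kiwi Syslog Daemon, EventWatchNT or IDScenter, and in Python rather than the Perl the poster mentioned. It parses records in Snort's default "full" alert layout (a `[**] [gid:sid:rev] msg [**]` header line, a classification/priority line and a timestamp line), selects alerts by a watch list of SIDs or by priority, and builds the e-mail report; the alert text, SIDs, addresses and host names are constructed for illustration.

```python
"""Parse Snort "full" alert records from alert.ids and build an e-mail report
for the alerts that match a watch list.  Added example for this thread; not
code from Snort or any of the tools named in it.  Sample data is constructed."""
import re
import smtplib
from email.message import EmailMessage
from typing import Any, Dict, Iterable, Iterator, List, Optional, Set

# Constructed sample in the layout Snort writes with its default "full" alert
# output; the packet detail lines after the timestamp line are ignored here.
SAMPLE_ALERT_IDS = """\
[**] [1:469:1] ICMP PING NMAP [**]
[Classification: Attempted Information Leak] [Priority: 2]
01/27-20:05:12.123456 192.0.2.10 -> 198.51.100.5
ICMP TTL:46 TOS:0x0 ID:0 IpLen:20 DgmLen:28
Type:8  Code:0  ID:0  Seq:0  ECHO

[**] [1:384:4] ICMP PING [**]
[Classification: Misc activity] [Priority: 3]
01/27-20:05:13.000001 198.51.100.7 -> 198.51.100.5
ICMP TTL:128 TOS:0x0 ID:1234 IpLen:20 DgmLen:60
Type:8  Code:0  ID:512  Seq:100  ECHO

[**] [1:1000001:1] LOCAL test rule [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
01/27-20:06:00.500000 192.0.2.44:4321 -> 198.51.100.5:1433
TCP TTL:60 TOS:0x0 ID:777 IpLen:20 DgmLen:40
"""

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
CLASS_RE = re.compile(r"^\[Classification: (.*?)\] \[Priority: (\d+)\]")
# Timestamp, then "src[:port] -> dst[:port]"; ports are present for TCP/UDP only.
PACKET_RE = re.compile(
    r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+?)(?::(\d+))? -> (\S+?)(?::(\d+))?$"
)


def parse_alerts(text: str) -> Iterator[Dict[str, Any]]:
    """Yield one dict per alert record; records are separated by blank lines."""
    for record in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.rstrip() for ln in record.splitlines()]
        if not lines:
            continue
        head = HEADER_RE.match(lines[0])
        if not head:
            continue  # not a Snort full-format header: skip instead of crashing
        alert: Dict[str, Any] = {
            "gid": int(head.group(1)), "sid": int(head.group(2)),
            "rev": int(head.group(3)), "msg": head.group(4),
            "classification": None, "priority": None,
            "timestamp": None, "src": None, "dst": None, "raw": record,
        }
        for ln in lines[1:]:
            cls = CLASS_RE.match(ln)
            if cls:
                alert["classification"] = cls.group(1)
                alert["priority"] = int(cls.group(2))
                continue
            pkt = PACKET_RE.match(ln)
            if pkt:
                alert["timestamp"] = pkt.group(1)
                alert["src"] = pkt.group(2) + (":" + pkt.group(3) if pkt.group(3) else "")
                alert["dst"] = pkt.group(4) + (":" + pkt.group(5) if pkt.group(5) else "")
        yield alert


def select_alerts(alerts: Iterable[Dict[str, Any]], watch_sids: Set[int] = frozenset(),
                  max_priority: Optional[int] = None) -> List[Dict[str, Any]]:
    """Keep alerts whose SID is on the watch list, or whose priority is at least
    as severe as max_priority (Snort priority 1 is the most severe)."""
    chosen = []
    for a in alerts:
        by_sid = a["sid"] in watch_sids
        by_prio = (max_priority is not None and a["priority"] is not None
                   and a["priority"] <= max_priority)
        if by_sid or by_prio:
            chosen.append(a)
    return chosen


def build_report(selected: List[Dict[str, Any]], sender: str, recipient: str,
                 sensor: str = "snort-sensor") -> Optional[EmailMessage]:
    """Return an EmailMessage summarising the selected alerts, or None when
    there is nothing to report, so the caller never sends empty mail."""
    if not selected:
        return None
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = f"[{sensor}] {len(selected)} Snort alert(s) matched the watch list"
    body: List[str] = []
    for a in selected:
        body.append(f"{a['timestamp']}  sid {a['gid']}:{a['sid']}  prio {a['priority']}  {a['msg']}")
        body.append(f"    {a['src']} -> {a['dst']}  [{a['classification']}]")
    msg.set_content("\n".join(body) + "\n")
    return msg


def send_report(msg: EmailMessage, smtp_host: str, smtp_port: int = 25) -> None:
    """Hand the report to an SMTP relay (host is an assumption; not called here)."""
    with smtplib.SMTP(smtp_host, smtp_port) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    found = select_alerts(parse_alerts(SAMPLE_ALERT_IDS), watch_sids={384}, max_priority=1)
    report = build_report(found, "snort@example.invalid", "admin@example.invalid")
    print(report if report else "nothing to report")
    # send_report(report, "mail.example.invalid")  # assumed relay; left disabled
```

Run from a scheduled task, the script would read the alert file instead of the constructed sample; keeping the file offset between runs (so already-reported records are not mailed twice) is the one piece a production version would add.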