Snort mailing list archives

RE: swatch alternatives?


From: "Nelson, Ben" <bnelson () rightnow com>
Date: Wed, 23 Apr 2003 11:42:41 -0600

Try logsurfer:
http://www.cert.dfn.de/eng/logsurf/
 
I use this program to watch my logs and email me about alerts.  One of its really nice features is 'contexts', which allow you to watch for multi-line patterns in logs and perform different actions based on the contents of the context.  So, in your case, if you had several related Snort alerts that came in at the same time (or close to it), you could send them as one alert, rather than spamming yourself with one notification per alert.
 
--Ben

-----Original Message-----
From: Chris [mailto:vze2f6h6 () verizon net]
Sent: Wednesday, April 23, 2003 11:23 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] swatch alternatives?



I have been trying to set up swatch so that my Snort alerts can be sent via email but I am running into problems.  I cannot seem to get some of the needed Perl modules installed.

 

What other alternatives are there that will do this?  I tried to find logwatch but it points to a Cisco error page.

 

Thank you,

 

Chris Romano
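
The grouping idea from the reply above (several related Snort alerts sent as one notification), as an added Python example; it is not part of the original messages and is not logsurfer configuration or code. It assumes Snort's "fast" alert line format, grouping by source address, a 60-second inactivity window and a fixed year (fast alerts carry none); the sample lines are constructed.

```python
import re
from datetime import datetime, timedelta

# Snort "fast" alert: MM/DD-HH:MM:SS.usec [**] [gid:sid:rev] msg [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[(?P<sid>\d+:\d+:\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)"
)

def parse(line, year=2003):
    """Return a dict for one alert line, or None for anything else."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    d = m.groupdict()
    d["ts"] = datetime.strptime(f"{year}/{d['ts']}", "%Y/%m/%d-%H:%M:%S")
    return d

def group_alerts(lines, window=timedelta(seconds=60)):
    """Collect alerts per source; a group closes once `window` passes with no new alert."""
    open_ctx, closed = {}, []
    for line in lines:
        a = parse(line)
        if a is None:
            continue
        # Close every group that went quiet before this alert arrived.
        for src in [s for s, c in open_ctx.items() if a["ts"] - c[-1]["ts"] > window]:
            closed.append(open_ctx.pop(src))
        open_ctx.setdefault(a["src"], []).append(a)
    closed.extend(open_ctx.values())  # flush whatever is still open at end of input
    return closed

def digest(ctx):
    """One notification body for a whole group instead of one mail per alert."""
    first, last = ctx[0], ctx[-1]
    head = f"{len(ctx)} alert(s) from {first['src']} between {first['ts']:%H:%M:%S} and {last['ts']:%H:%M:%S}"
    return "\n".join([head] + [f"  [{a['sid']}] {a['msg']} -> {a['dst']}" for a in ctx])

# Constructed sample input (documentation addresses, made-up rule IDs and messages).
SAMPLE = [
    "04/23-11:40:01.100000  [**] [1:1000001:1] CONSTRUCTED web probe [**] [Priority: 2] {TCP} 192.0.2.10:40112 -> 198.51.100.5:80",
    "04/23-11:40:03.200000  [**] [1:1000002:1] CONSTRUCTED dir traversal [**] [Priority: 1] {TCP} 192.0.2.10:40113 -> 198.51.100.5:80",
    "04/23-11:40:20.000000  [**] [1:1000003:1] CONSTRUCTED ping sweep [**] [Priority: 3] {ICMP} 203.0.113.7 -> 198.51.100.5",
    "04/23-11:45:00.000000  [**] [1:1000001:1] CONSTRUCTED web probe [**] [Priority: 2] {TCP} 192.0.2.10:40200 -> 198.51.100.5:80",
]

if __name__ == "__main__":
    print("\n\n".join(digest(g) for g in group_alerts(SAMPLE)))
```

Each digest string can be handed to whatever mailer is already in use; the four sample alerts produce three notifications rather than four.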

 

