Snort mailing list archives
Re: ACID Email alerts
From: Ben Nelson <lists () venom600 org>
Date: Fri, 31 Oct 2003 16:06:19 -0700
I wrote a python script that emails me summaries of my Snort MySQL database and has the ability to page me when a certain threshold is reached. You can find it at:
http://www.venom600.org/code/SnortSlinger/It was a quick hack until I get have some free personal time to put into some form of instantaneous event correlation and paging/emailing system.....but it works pretty well if you're logging to a MySQL database.
--Ben Lane LiaBraaten wrote:
On Friday 31 October 2003 09:12 pm, Schmehl, Paul L wrote:Just curious ... I configured the acid_conf.php email section but I do not get email alerts. Is there another component I need to set up to get email to work? I can sent myself emailAFIK, Snort and ACID do not support real time email alerts. If you are using Linux, swatch (Simple log WATCHer) will monitor your system log and send you an email as soon as snort (or any other regex you specify) writes to the system log. I don't know if there is a similar approach for windows.ACID does not send automated email alerts. You have to send them manually. Once you've done a search or you've viewed a particularPaul Schmehl (pauls () utdallas edu)What good is a NIDS if it doesn't automatically alert you when it detects something?LGL ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list
------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ACID Email alerts Krueger, Brian (Oct 28)
- <Possible follow-ups>
- ACID Email alerts Krueger, Brian (Oct 30)
- RE: ACID Email alerts Peters, Michael D. (Oct 31)
- RE: ACID Email alerts Schmehl, Paul L (Oct 31)
- Re: ACID Email alerts Lane LiaBraaten (Oct 31)
- Re: ACID Email alerts Ben Nelson (Oct 31)
- Re: ACID Email alerts Lane LiaBraaten (Oct 31)