Re: output plugins... execute command?

[Matt Kettler <mkettler () evi-inc com>]

At 04:31 PM 11/5/2003, David R. wrote:
> I'm sorry if this seems like such an obvious question, but is there an 
> output plugin that will execute a shell command? I haven't found any 
> evience of one so far. If not, why not? I would like to send SMS messages 
> to my cell when an alert or attack comes up, but the way I see it now I 
> would have to use a third-party program to monitor the snort alert file... 
> Doesn't it seem more logical to be able to issue these alerts direction 
> from snort itself?

No, it doesn't have that output plugin because it's a security hole.

Command execution is INSANELY slow by comparison to the speed at which 
snort needs to operate.. this would cause snort to drop a very large 
numbers of packets, opening the door for someone to attack your network 
without being noticed while snort spent time executing a process.

This is really the domain of logwatching tools like logwatch, swatch, etc.. 
read the FAQ about getting snort to send you email.

The only disadvantage of a log watcher is that it might take it a few 
hundred milliseconds to start responding.. but in the case of an email, or 
sms message, that overhead isn't noticeable. It will take at least twice as 
long just for the message to send.




-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?   SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users