Snort mailing list archives

syslog-ng email alerts


From: agnelo d <agnelofld () yahoo co uk>
Date: Wed, 31 Mar 2004 06:54:12 +0100 (BST)

Hi,
I've configured syslog-ng to receive snort alerts from a remote sensor. I'm getting the alerts in snort.log, but am
unable to receive email alerts.
I've tested the script alert_mail.sh externally and it works (I'm able to get mails).
Can someone help in solving this problem?
 
Regards,
 
Agnelo
 
syslog-ng.conf
==================
source sensors
    {
      internal();
      tcp(ip(10.0.41.175) port(514) max-connections(7));
      unix-stream("/dev/log");
    };
destination localhost
    {
      file("/var/log/snort.log");
    };
destination email_alert_script { program("/usr/local/bin/alert_mail.sh"); };
log { source(sensors); destination(localhost); };
log { source(sensors); destination(email_alert_script); };
==========================

alert_mail.sh
====================
#!/bin/sh
# syslog-ng's program() destination starts this script once and writes one
# log line per line to its stdin; read them until syslog-ng closes the pipe.
# (Recipient address is obfuscated by the list archive.)
while IFS= read -r line; do
    printf '%s\n' "$line" | mail -s "Snort Alert" idsalert () xxxx com
done
====================================
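An added example, not the poster's script: a hardened alert_mail.sh for the same syslog-ng program() destination. It mails only lines that look like Snort syslog alerts and appends every mail attempt with its exit status to a trace file, so a non-delivery like the one described above leaves evidence of whether the mailer was ever run and what it returned. The Snort syslog line format, the recipient address and the trace path are assumptions.

```shell
#!/bin/sh
# Added example (not the poster's script). syslog-ng's program() destination
# starts this once and keeps feeding it one log line per line on stdin.
# Assumed Snort syslog format: "... snort[pid]: [gid:sid:rev] msg [Priority: n] ...".
# Recipient address and trace path are placeholders.

MAILTO="${MAILTO:-idsalert@example.invalid}"
TRACE="${TRACE:-/var/log/alert_mail.trace}"
MAILER="${MAILER:-mail}"    # the mail command; overridable for testing

# is_snort_alert LINE -> exit 0 if LINE carries a Snort alert, 1 otherwise
is_snort_alert() {
    case "$1" in
        *"snort["*"]:"*"["[0-9]*":"[0-9]*":"[0-9]*"]"*) return 0 ;;
        *) return 1 ;;
    esac
}

# alert_priority LINE -> prints the numeric [Priority: n] field, or 0 if absent
alert_priority() {
    p=$(printf '%s\n' "$1" | sed -n 's/.*\[Priority: *\([0-9][0-9]*\)].*/\1/p')
    printf '%s\n' "${p:-0}"
}

# send_alert LINE -> mails LINE, appends "timestamp rc=N line" to TRACE,
# and returns the mailer's exit status so failures are not silent
send_alert() {
    printf '%s\n' "$1" | "$MAILER" -s "Snort Alert" "$MAILTO"
    rc=$?
    printf '%s rc=%d %s\n' "$(date '+%Y-%m-%dT%H:%M:%S')" "$rc" "$1" >> "$TRACE"
    return "$rc"
}

# main: read lines for as long as syslog-ng keeps the pipe open
main() {
    while IFS= read -r line; do
        is_snort_alert "$line" || continue
        send_alert "$line"
    done
}

# Enter the read loop only when installed and run as alert_mail.sh, so that
# sourcing the file (e.g. to test the functions) does not block on stdin.
case "$0" in *alert_mail.sh) main ;; esac
```

Checking the trace file after a test alert shows whether the syslog-ng user can find and run the mailer at all, which is the first thing to rule out when the script works by hand but not under syslog-ng.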
