Snort mailing list archives
RE: same tcpdump.log to remote log server instead of local sensor
From: Frank Knobbe <frank () knobbe us>
Date: Thu, 29 Jan 2004 12:22:34 -0600
On Wed, 2004-01-28 at 04:33, samwun wrote:
> The following config in snort.conf forced the ascii logging (with payload) data files to log to an IP directory:
> output log_ascii: filename snort.log, limit 128

Mine just reads "output alert_ascii" if I remember correctly. That filename and limit must be a 2.1.0 thing. :)

> Can you tell me how to configure snort to send payload data to your email account?

By having a cron job run every minute that reads the stuff from the /var/snort/log/ directory and emails you all that stuff, then deletes what it mailed from /var/log/snort. Snort itself doesn't email.

Regards,
Frank
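A sketch of the cron job described in the reply above, added here as an example and not code from the original post or from the Snort project. The function names, the quiet window, the size cap, the lock file name and the local MTA on localhost are all assumptions; the log directory is passed in as a parameter.

```python
import fcntl
import smtplib
import time
from email.message import EmailMessage
from pathlib import Path

QUIET_SECS = 120         # assumed: skip files Snort wrote to in the last 2 minutes
MAX_BYTES = 512 * 1024   # assumed per-mail cap; the remainder waits for the next run

def settled_files(log_dir, now=None, quiet=QUIET_SECS):
    """Regular, non-hidden files not modified for `quiet` seconds, oldest first."""
    now = time.time() if now is None else now
    found = [p for p in Path(log_dir).rglob("*")   # rglob also walks per-IP directories
             if p.is_file() and not p.is_symlink() and not p.name.startswith(".")
             and now - p.stat().st_mtime >= quiet]
    return sorted(found, key=lambda p: p.stat().st_mtime)

def build_message(files, log_dir, sender, rcpt, max_bytes=MAX_BYTES):
    """Attach files until the size cap; return (message, files actually attached)."""
    msg, used, sent = EmailMessage(), 0, []
    msg["From"], msg["To"] = sender, rcpt
    msg.set_content("Snort log files attached.")
    for p in files:
        data = p.read_bytes()
        if sent and used + len(data) > max_bytes:   # the first file is always sent
            break
        name = str(p.relative_to(log_dir)).replace("/", "_")
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
        used += len(data)
        sent.append(p)
    msg["Subject"] = f"snort: {len(sent)} log file(s), {used} bytes"
    return msg, sent

def run(log_dir, sender, rcpt, send, now=None):
    """One cron tick: mail settled files, delete only what `send` accepted."""
    with open(Path(log_dir) / ".mailer.lock", "w") as lock:
        try:
            fcntl.flock(lock, fcntl.LOCK_EX | fcntl.LOCK_NB)
        except BlockingIOError:
            return 0          # previous run still active; try again next minute
        msg, sent = build_message(settled_files(log_dir, now), log_dir, sender, rcpt)
        if sent:
            send(msg)         # raises on failure, so nothing is deleted
            for p in sent:
                p.unlink()
        return len(sent)

def smtp_send(msg):
    with smtplib.SMTP("localhost") as s:   # assumed: an MTA listening locally
        s.send_message(msg)
```

Called from cron as `run(log_dir, sender, rcpt, smtp_send)`, it leaves files Snort is still writing untouched and keeps everything on disk if the mail handoff fails.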