Snort mailing list archives

RE: snort functionality (alert triggered emailing alternative)


From: "McCash, John" <John.McCash () andrew com>
Date: Tue, 21 Dec 2004 12:24:44 -0600

Hi,
        I've found one other reference, which I haven't seen discussed
here on the list, to a way for snort to alert via email. If you use the
snort-perl addon, you can script a rule (with thresholding, obviously)
to email when it triggers. See Brian Caswell's presentation on it at
http://www.snort.org/dl/contrib/patches/snort-perl/presentations/caswell-nathan.ppt
for the details. They're on the 'Even more advanced foo'
page... Unfortunately, the version of the snort-perl patch that is
currently available doesn't work with the current version of snort, but
Brian recently volunteered to update it if there was sufficient
interest. One side benefit of this is that you don't have to work with
text logs, for those of us who use ACID or BASE exclusively.
                John