Snort mailing list archives

Re: Alternate Alerting for Snort - phone


From: Rich Adamson <radamson () routers com>
Date: Thu, 23 Dec 2004 17:12:35 -0600

Before I get started, I've looked through the archives and looked 'round
online and have yet to have any good luck (other than a bad link).

Management has asked me to look into real-time alerting from the Snort
sensor we employ, round the clock, to my phone. The only nearly helpful
reference I saw had a link to the old FAQ on sourceforge's snort site, and
I didn't find what I was looking for elsewhere. I realize that the
potential for a storm of false-positives is very real, but, we
essentially shut down at 6:30 every day, and coupled with good tuning,
should greatly reduce the occurrence of that after hours. This will be
running WinSnort on XP SP2, BTW. (Consolidating from several sensors to
a better located central sensor.)

The factory I used to work at had a solution in place with Watchdog and
an obsolete piece of code for heartbeats to go to their cells. But if I
recall, they spent a bit on the license for that old piece of code. 

One of the easiest ways to do that is to run Kiwi Syslog on that PC,
send your snort alerts to that syslog, and write a couple of rules
in Kiwi to send the selected rules to your cell phone via text msgs.
Been doing it for several years, works fine for low volume alerts.

I happen to be using our own product (NetLogger) for syslogging (instead
of Kiwi), but you should be able to accomplish the same with Kiwi.
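
The kind of forwarding rule described in this reply, as an added example that is not part of the original message and is not Kiwi Syslog or NetLogger configuration: it parses Snort syslog alert lines, keeps only high-priority alerts, and throttles repeats so a false-positive storm does not flood the phone. It assumes the usual Snort syslog alert layout; the thresholds, function names and sample lines are constructed, and delivery to an SMS gateway is left out.

```python
import re
from datetime import datetime, timedelta

# Assumed layout: snort[pid]: [gid:sid:rev] msg [Classification: c] [Priority: n]: {PROTO} src -> dst
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)")

MAX_PRIORITY = 1                   # assumption: only priority-1 alerts go to the phone
THROTTLE = timedelta(minutes=15)   # assumption: one text per (sid, source host) per window
SMS_LIMIT = 160                    # single-segment text message length

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not a Snort alert."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    return alert

def select_pages(timed_lines):
    """timed_lines: iterable of (datetime, syslog line). Returns the SMS bodies to send."""
    last_sent, pages = {}, []
    for ts, line in timed_lines:
        a = parse_alert(line)
        if a is None or a["prio"] > MAX_PRIORITY:
            continue                               # not an alert, or not urgent enough
        key = (a["sid"], a["src"].split(":")[0])   # IPv4 host without the port
        if key in last_sent and ts - last_sent[key] < THROTTLE:
            continue                               # same rule and source paged recently
        last_sent[key] = ts
        text = f"{ts:%H:%M} P{a['prio']} sid {a['sid']} {a['msg']} {a['src']}->{a['dst']}"
        pages.append(text[:SMS_LIMIT])
    return pages

# Constructed sample input (documentation addresses, made-up rule ids).
T0 = datetime(2004, 12, 23, 19, 0)
HIGH = ("sensor snort[412]: [1:1000001:1] Constructed sample rule A "
        "[Classification: Attempted Administrator Privilege Gain] [Priority: 1]: "
        "{TCP} 192.0.2.10:%d -> 10.0.0.5:445")
LOW = ("sensor snort[412]: [1:1000002:1] Constructed sample rule B "
       "[Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.77 -> 10.0.0.1")
SAMPLE = [(T0, HIGH % 4431), (T0 + timedelta(minutes=2), HIGH % 4432),
          (T0 + timedelta(minutes=3), LOW), (T0 + timedelta(minutes=5), "sensor sshd[9]: session opened"),
          (T0 + timedelta(minutes=20), HIGH % 4433)]

if __name__ == "__main__":
    for body in select_pages(SAMPLE):
        print(body)
```

Of the five sample lines only two produce a text: the first priority-1 alert and its repeat 20 minutes later, after the throttle window has passed.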




