Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: execute external program

From: Jeff Kell <jeff-kell () utc edu>
Date: Wed, 12 Oct 2005 14:13:29 -0400
Gaston Martres wrote:
I was wondering if is possible to execute an external program when a event or alert in snort is triggered. 

Look into snortsam (http://snortsam.net).  This lets alerts be forwarded to snortsam, which in turn can invoke a number of 
plugins, primarily to automate firewall configuration in response to alerts.  There is no generic plugin [yet] to invoke an 
external, but if you grab the source you can tweak some of the plugins to do just that (the Tracker SMTP plugin, for one, 
invokes an external script, I've tweaked it to do this).

Jeff



-------------------------------------------------------
This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: