Snort mailing list archives

Re: monitoring email alert


From: Daniel Cid <danielcid () yahoo com br>
Date: Sun, 2 Jul 2006 18:51:29 -0300 (ART)

Hi Joel and Oliver,

Another tool that can generate e-mails based on the snort
alerts is ossec. I sent an e-mail some time ago to the
list about this subject, so I will just paste it
below:


"
In addition to using swatch, you can try ossec to
generate e-mails/active responses based on your snort
logs. It is much more powerful than swatch (or
guardian) because it allows you to alert based on:

-Single IDS events.
-Multiple IDS events for same source ip in a specific timeframe.
-Multiple IDS events for same snort ID in a specific time.
-Only for the first time a Snort ID is seen.
-Only for the first time a Snort ID/IP combo is seen.
-Only on specific categories.
-Only on specific priorities (or any other option you want).
-You can ignore specific IPs/Snort IDs.
-You can specify maximum number of alerts per hour, and if this number is reached, it will send all the alerts in just one e-mail.
-You can ignore automatically rules that alert too often.

Oh, ossec also analyzes a lot of other log formats,
being easy to integrate with other applications.

*Don't take my word for it, because I'm an ossec
developer, but you should give it a try. Installation
is pretty easy too.

Last version:
http://www.ossec.net/files/ossec-hids-0.8-3.tar.gz

Website:
http://www.ossec.net
"


Thanks and sorry for the duplicated e-mail.

--
Daniel B. Cid
dcid @ ( at ) ossec.net

--- Joel Esler <joel.esler () sourcefire com> wrote:

Snort does not send emails by itself, you need to
look into a 3rd party plugin such as Swatch, BASE,
or something similar.

On Thu, Jun 29, 2006 at 08:21:53PM +0800, Oliver A. Rojo wrote:
Is it possible for snort to have its monitoring alert via email wherein
say, it will send sysadmins its reports each day?

-- 


Oliver A. Rojo






_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or
unsubscribe:


https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:


http://www.geocrawler.com/redir-sf.php3?list=snort-users


+---------------------------------------------------------------------+
Joel Esler          Senior Security Consultant      
  1-706-627-2101
Sourcefire    Security for the /Real/ World --
http://www.sourcefire.com
Snort - Open Source Network IPS/IDS --
http://www.snort.org
GPG Key http://demo.sourcefire.com/jesler.pgp.key

+---------------------------------------------------------------------+
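
Two of the alerting conditions listed in the pasted message above (only the first time a Snort ID is seen, and multiple events from the same source IP in a timeframe, with an ignore list) sketched as an added example; it is not part of the original e-mails and is not ossec's code. The alert lines are constructed, and the function names, threshold, window and year are assumptions.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed alert lines in Snort's "fast" alert format (not real traffic).
SAMPLE = """\
07/02-18:00:01.000000  [**] [1:1000001:1] Constructed rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40000 -> 198.51.100.5:80
07/02-18:00:05.000000  [**] [1:1000001:1] Constructed rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40001 -> 198.51.100.5:80
07/02-18:00:09.000000  [**] [1:1000002:1] Constructed rule B [**] [Classification: Misc activity] [Priority: 2] {TCP} 192.0.2.10:40002 -> 198.51.100.5:22
07/02-18:00:20.000000  [**] [1:1000001:1] Constructed rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 203.0.113.7:50000 -> 198.51.100.5:80
07/02-18:05:00.000000  [**] [1:1000001:1] Constructed rule A [**] [Classification: Misc activity] [Priority: 3] {TCP} 192.0.2.10:40003 -> 198.51.100.5:80
this line is not an alert and must be skipped
"""

FAST = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[\d+:(?P<sid>\d+):\d+\]"
    r"\s+.*?\s+\[\*\*\].*?\[Priority: (?P<prio>\d+)\]\s+\{\w+\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->"
)

def parse(line, year=2006):
    """Return (timestamp, sid, source_ip, priority) or None for non-alert lines."""
    m = FAST.match(line)
    if not m:
        return None
    # Fast alerts carry no year, so the caller supplies one (assumption: 2006).
    ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
    return ts, int(m["sid"]), m["src"], int(m["prio"])

def correlate(lines, threshold=3, window=timedelta(seconds=60), ignore_ips=frozenset()):
    """Emit a notification for a first-seen SID and for a burst from one source IP."""
    seen_sids, recent, out = set(), defaultdict(deque), []
    for line in lines:                      # lines are assumed to be in time order
        ev = parse(line)
        if ev is None or ev[2] in ignore_ips:
            continue
        ts, sid, src, _prio = ev
        if sid not in seen_sids:            # only the first time a Snort ID is seen
            seen_sids.add(sid)
            out.append(("first_seen_sid", sid, src))
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:           # drop events older than the window
            q.popleft()
        if len(q) >= threshold:             # multiple events, same source IP
            out.append(("burst_from_ip", sid, src))
            q.clear()                       # start counting a fresh burst
    return out

if __name__ == "__main__":
    for note in correlate(SAMPLE.splitlines(), ignore_ips={"203.0.113.7"}):
        print(note)
```

Each tuple returned by `correlate` is one notification that a mailer could send; the repeated alerts in between produce none.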
