Snort mailing list archives

Re: Does anyone use swatch?


From: Will Metcalf <william.metcalf () gmail com>
Date: Sun, 25 Apr 2010 17:33:33 -0500

Ya... Use something like barnyard alert full output with a custom
record separator. so something like...

swatch -c /etc/swatchrc \
  --input-record-separator="=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+\n" \
  --read-pipe="tail -f /var/log/snort/snort-full" --daemon

Regards,

Will
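Added example (not from the thread, and not part of swatch or barnyard): once the
full-format alert log is split on the "=+=+..." separator line, each record is a
small multi-line block, and the part the original poster wants in the e-mail body
(rule id, message, priority, timestamp, source and destination) can be pulled out
with a few regular expressions. The code below does that split and parse in Python
and builds a plain-text e-mail payload from the alerts at or above a chosen
priority. The two records in SAMPLE_LOG are constructed in the style of the
barnyard full alert output; the rule ids, message texts and RFC 5737 addresses
are made up for the example, as is the build_email_body() helper.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the barnyard "alert full" layout: one header line,
# classification/priority, a timestamp + address line, then protocol detail,
# with the "=+=+..." line barnyard writes as a record separator.
SAMPLE_LOG = """\
[**] [1:1000001:1] LOCAL example: inbound SSH connection attempt [**]
[Classification: Attempted Information Leak] [Priority: 2]
04/25-17:33:33.123456 192.0.2.10:54321 -> 198.51.100.5:22
TCP TTL:64 TOS:0x0 ID:12345 IpLen:20 DgmLen:44
******S* Seq: 0x12345678  Ack: 0x0  Win: 0x800  TcpLen: 24
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

[**] [1:1000002:1] LOCAL example: ICMP echo request [**]
[Classification: Misc activity] [Priority: 3]
04/25-17:34:01.000001 192.0.2.11 -> 198.51.100.5
ICMP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:84
Type:8  Code:0  ID:1  Seq:1  ECHO
=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+=+

"""

# A line made only of "=+" repeats is the record separator (same string the
# swatch command above passes as --input-record-separator).
SEPARATOR_RE = re.compile(r"^(=\+)+=?$")
# "[**] [gid:sid:rev] message [**]"
HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
CLASSIFICATION_RE = re.compile(r"\[Classification: (.+?)\]")
PRIORITY_RE = re.compile(r"\[Priority: (\d+)\]")
# "MM/DD-HH:MM:SS.usec src[:port] -> dst[:port]"; the port is absent for ICMP.
ADDR_RE = re.compile(
    r"^(\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d+) (\S+?)(?::(\d+))? -> (\S+?)(?::(\d+))?$"
)


@dataclass
class SnortAlert:
    gid: int
    sid: int
    rev: int
    msg: str
    raw: str
    classification: Optional[str] = None
    priority: Optional[int] = None
    timestamp: Optional[str] = None
    src: Optional[str] = None
    src_port: Optional[int] = None
    dst: Optional[str] = None
    dst_port: Optional[int] = None


def split_records(text: str) -> List[str]:
    """Split the full-format log into records on the separator line."""
    records, current = [], []
    for line in text.splitlines():
        if SEPARATOR_RE.match(line):
            if any(l.strip() for l in current):
                records.append("\n".join(current).strip())
            current = []
        else:
            current.append(line)
    if any(l.strip() for l in current):  # unterminated trailing record
        records.append("\n".join(current).strip())
    return records


def parse_record(record: str) -> Optional[SnortAlert]:
    """Extract the fields worth mailing from one alert record, or None if it
    does not start with a recognisable alert header."""
    lines = record.strip().splitlines()
    if not lines:
        return None
    m = HEADER_RE.match(lines[0])
    if not m:
        return None
    alert = SnortAlert(int(m.group(1)), int(m.group(2)), int(m.group(3)), m.group(4), record)
    for line in lines[1:]:
        cm = CLASSIFICATION_RE.search(line)
        if cm:
            alert.classification = cm.group(1)
        pm = PRIORITY_RE.search(line)
        if pm:
            alert.priority = int(pm.group(1))
        am = ADDR_RE.match(line)
        if am:
            alert.timestamp = am.group(1)
            alert.src, alert.dst = am.group(2), am.group(4)
            alert.src_port = int(am.group(3)) if am.group(3) else None
            alert.dst_port = int(am.group(5)) if am.group(5) else None
    return alert


def summarize(alert: SnortAlert) -> str:
    """Three-line summary suitable for an e-mail body."""
    src = alert.src if alert.src_port is None else f"{alert.src}:{alert.src_port}"
    dst = alert.dst if alert.dst_port is None else f"{alert.dst}:{alert.dst_port}"
    prio = "?" if alert.priority is None else str(alert.priority)
    return (f"[{alert.gid}:{alert.sid}:{alert.rev}] {alert.msg}\n"
            f"  priority {prio}, {alert.classification or 'unclassified'}\n"
            f"  {alert.timestamp} {src} -> {dst}")


def build_email_body(log_text: str, max_priority: int = 2) -> str:
    """Hypothetical helper: summaries of every alert whose priority number is
    <= max_priority (lower number = more severe), joined by blank lines."""
    chosen = []
    for record in split_records(log_text):
        alert = parse_record(record)
        if alert and alert.priority is not None and alert.priority <= max_priority:
            chosen.append(summarize(alert))
    return "\n\n".join(chosen)


if __name__ == "__main__":
    print(build_email_body(SAMPLE_LOG, max_priority=2))
```

The same split could be done by feeding swatch the whole record as one line via
the separator, but parsing fields out of the block, as above, gives a short
body that carries only the rule, priority and endpoints rather than the raw
packet detail.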

On Sun, Apr 25, 2010 at 5:16 PM, ccie 6862 <ccie6862 () yahoo com> wrote:
I've used swatch for some time, and I've decided to use it to alert me on the snort logs. What I'd like to do is to 
append some of the interesting part of the snort alert into the payload of the email. Has anyone done this? I did 
post this to the swatch users group, but since there has only been around 5 postings in the past 5 years or so, I 
don't expect an answer.

Thanks




------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
