Snort mailing list archives

Re: BASE or Snort Report ???


From: "Champ Clark III [Softwink]" <champ () softwink com>
Date: Tue, 4 Jan 2011 16:07:42 -0500


        Here's a way to e-mail out Snort alerts,  in real time.....

        Use Sagan (http://sagan.softwink.com).  First, in the Snort
configuration,  enable sending alerts via syslog:

output alert_syslog: LOG_AUTH LOG_ALERT

        Once you set up Sagan, enable the "snort.rules". Enable the
e-mail output plugin in the sagan.conf:

max_email_threads 50
min_email_priority 0
output email: to=sagan-alerts@example.com smtpserver=192.168.0.1:25 from=sagan@example.com

        For more information on setting up Sagan,  check the web site 
http://sagan.softwink.com.

-- 
        Champ Clark III | Softwink, Inc | 800-538-9357 x 101
                     http://www.softwink.com

GPG Key ID: 58A2A58F
Key fingerprint = 7734 2A1C 007D 581E BDF7  6AD5 0F1F 655F 58A2 A58F
If it wasn't for C, we'd be using BASI, PASAL and OBOL.
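
Added example, not part of the original message: a Python check that a raw syslog line carries the auth.alert PRI that "output alert_syslog: LOG_AUTH LOG_ALERT" should produce, and that splits the Snort alert into fields before it reaches a mailer. The sample lines are constructed, and the line layout is assumed from typical Snort 2.x syslog output (IPv4 only); the function names are hypothetical.

```python
import re

# Syslog facility and severity names by number (RFC 3164).
FACILITIES = {0: "kern", 1: "user", 2: "mail", 3: "daemon", 4: "auth"}
SEVERITIES = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]

# Assumed layout of a Snort alert_syslog line (typical Snort 2.x, IPv4 only):
#   <PRI>... snort[pid]: [gid:sid:rev] msg [Classification: c] [Priority: n]: {PROTO} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^<(?P<pri>\d{1,3})>.*?\bsnort(?:\[\d+\])?: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<classification>[^\]]*)\] )?"
    r"\[Priority: (?P<priority>\d+)\]:? "
    r"\{(?P<proto>[^}]+)\} "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?\s*$"
)

# Constructed sample lines (documentation addresses, made-up host name).
SAMPLE = [
    "<33>Jan  4 16:07:42 sensor snort[2352]: [1:469:3] ICMP PING NMAP "
    "[Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.10 -> 192.168.0.5",
    "<33>Jan  4 16:07:43 sensor snort[2352]: [1:2003:8] MS-SQL Worm propagation attempt "
    "[Classification: Misc Attack] [Priority: 2]: {UDP} 192.0.2.10:1052 -> 192.168.0.5:1434",
    "<38>Jan  4 16:07:44 sensor sshd[411]: Accepted publickey for admin",
]

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not a Snort alert."""
    m = ALERT_RE.match(line)
    if m is None:
        return None
    alert = m.groupdict()
    pri = int(alert.pop("pri"))          # PRI = facility * 8 + severity
    alert["facility"] = FACILITIES.get(pri >> 3, str(pri >> 3))
    alert["severity"] = SEVERITIES[pri & 7]
    alert["priority"] = int(alert["priority"])
    return alert

def matches_snort_conf(alert):
    """True when the line arrived as auth.alert, i.e. LOG_AUTH LOG_ALERT."""
    return (alert["facility"], alert["severity"]) == ("auth", "alert")

if __name__ == "__main__":
    for line in SAMPLE:
        alert = parse_alert(line)
        print(alert and (matches_snort_conf(alert), alert["sid"], alert["msg"]))
```

A line that parses but fails matches_snort_conf points at a relay rewriting the facility or at a different alert_syslog setting on the sensor.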
