Snort mailing list archives

Re: Email


From: Nicholas Horton <fivetenets () me com>
Date: Thu, 30 Aug 2012 13:46:32 -0400

Thanks. I think it would.

Nick

On Aug 29, 2012, at 8:09 PM, Jason Haar <Jason_Haar () trimble com> wrote:

On 30/08/12 11:51, Greg Williams wrote:
If it were me, I would not do a db search, the database is already
processing stuff.  I would have scripts on all your sensors, monitor
the alert log, and clean the alert log every 5 minutes when the grep
is complete. Saves processing power by only searching the last 5
minutes instead of the entire db.

Wouldn't this be a good output option for barnyard2? I'd love barnyard
to be able to pipe a "snort packet" and metadata at a random program -
so it can for example send an email containing the pcap as an attachment
- or post-processes that packet and decides it's a FP and drops the
whole email alert

Hmmm, I'll bring this up on the barnyard2 list :-)


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

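The per-sensor approach suggested in the thread (scan only the alerts written since the last run, then mail the matches) could look like the following. This is an added example, not code from any poster or from Snort or barnyard2. It assumes the sensor writes Snort's "fast" alert format, is run every five minutes from cron, and tracks a byte offset in a hypothetical state file instead of cleaning the log; the sample alerts and addresses are constructed.

```python
import os
import re
from email.message import EmailMessage

# Snort "fast" alert line: ts [**] [gid:sid:rev] msg [**] ... [Priority: n] {proto} src -> dst
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)")

# Constructed sample log: two complete alerts and one line still being written.
SAMPLE = (
    "08/29-20:09:01.000001  [**] [1:1000001:1] CONSTRUCTED admin login attempt [**] "
    "[Classification: Attempted Administrator Privilege Gain] [Priority: 1] "
    "{TCP} 198.51.100.7:40122 -> 192.0.2.10:22\n"
    "08/29-20:09:03.000002  [**] [1:1000002:1] CONSTRUCTED ping sweep [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.11\n"
    "08/29-20:09:05.000003  [**] [1:1000003:1] CONSTRUCTED partial")

def read_new_lines(log_path, state_path):
    """Return complete lines appended since the last run and save the new offset."""
    try:
        with open(state_path) as f:
            offset = int(f.read().strip() or 0)
    except (FileNotFoundError, ValueError):
        offset = 0
    if os.path.getsize(log_path) < offset:  # log was rotated or truncated
        offset = 0
    with open(log_path, "rb") as f:
        f.seek(offset)
        data = f.read()
    end = data.rfind(b"\n") + 1  # a half-written last line waits for the next run
    with open(state_path, "w") as f:
        f.write(str(offset + end))
    return data[:end].decode("utf-8", "replace").splitlines()

def select_alerts(lines, max_priority=1):
    """Parse fast-format lines and keep those at or above the given severity."""
    matches = (FAST_RE.match(line) for line in lines)
    return [m.groupdict() for m in matches if m and int(m["prio"]) <= max_priority]

def build_email(alerts, sender, recipient):
    """Build (not send) one summary message for this polling interval."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Snort: {len(alerts)} priority alert(s)"
    msg.set_content("\n".join(
        f"{a['ts']} [{a['gid']}:{a['sid']}:{a['rev']}] {a['msg']} {a['src']} -> {a['dst']}"
        for a in alerts))
    return msg
```

Sending the result is left to the caller, for example with `smtplib.SMTP.send_message`, and only when `select_alerts` returns a non-empty list.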

