Snort mailing list archives

Re: Real Time Alert and Variables

From: Y M <snort () outlook com>
Date: Fri, 25 Jan 2013 20:00:40 +0300

You can also use custom action types. You define them in snort.conf file, and use the new custom action type with your 
rules. Sorry can't provide resources at the moment, but it should be in the manual.

YM
________________________________
From: Nicholas Horton<mailto:fivetenets () me com>
Sent: ‎1/‎25/‎2013 7:26 PM
To: Snort Users<mailto:snort-users () lists sourceforge net>
Subject: [Snort-users] Real Time Alert and Variables

Is swatch still the best, only, current solution to kick off a script with variables such as source ip based on a 
specific snort alert?

Nick

------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Master Visual Studio, SharePoint, SQL, ASP.NET, C# 2012, HTML5, CSS,
MVC, Windows 8 Apps, JavaScript and much more. Keep your skills current
with LearnDevNow - 3,200 step-by-step video tutorials by Microsoft
MVPs and experts. ON SALE this month only -- learn more at:
http://p.sf.net/sfu/learnnow-d2d

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

Real Time Alert and Variables Nicholas Horton (Jan 25)
- <Possible follow-ups>
- Re: Real Time Alert and Variables Y M (Jan 25)
  - Re: Real Time Alert and Variables Nicholas Horton (Jan 25)
    - Re: Real Time Alert and Variables Nicholas Horton (Jan 27)
    - Re: Real Time Alert and Variables Greg Williams (Jan 27)
    - Re: Real Time Alert and Variables Nicholas Horton (Jan 27)
    - Re: Real Time Alert and Variables Greg Williams (Jan 27)
    - Re: Real Time Alert and Variables Nicholas Horton (Jan 27)
    - Re: Real Time Alert and Variables Michael Steele (Jan 27)
    - Re: Real Time Alert and Variables Greg Williams (Jan 27)
    - Re: Real Time Alert and Variables Michael Steele (Jan 31)
    - Message not available
    - Re: Real Time Alert and Variables Michael Steele (Jan 31)

(Thread continues...)