Snort mailing list archives

Snort Event Types


From: "Turnbough, Bradley E." <bturnbough () belcan com>
Date: Thu, 27 Mar 2014 13:13:27 +0000

Is it possible to generate an alert (logged to a unified file) AND also fire a script to do something on the OS of the 
sensor itself?

I have snort installed and operating properly.  Snort 2.9.5.5.  Snort currently outputs to unified2.

"output unified2: filename snort.u2, limit 128"

Barnyard2 (2.1.9) picks up the .u2 file and processes it.

Barnyard2 config:
output alert_fast: stdout
output database: alert, mysql, user=snort dbname=snorby password=blah host=ipaddresshere

I want to kick off a shell script file to do some things within the sensor when the alert is first generated.  Is this 
possible?

I'm running daemonlogger to generate pcap files, and want to be able to archive the pcap files when certain traffic 
triggers an alert.

Thanks,

Brad
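
As an added example (not code from this thread, from Snort or from Barnyard2): the two outputs above, Snort's unified2 plugin and the Barnyard2 alert_fast and database plugins, only write records; none of them executes a command. One way to get a script to run on the sensor is a small watcher that follows the unified2 spool file directly, decodes the event records, and runs a hook for a watchlist of SIDs. The record layouts used here are Snort's sf_unified2 types 7 (UNIFIED2_IDS_EVENT) and 104 (UNIFIED2_IDS_EVENT_VLAN, what 2.9.x writes for IPv4 alerts); the spool directory, the `snort.u2.<timestamp>` naming implied by the config line above, the hook script path and the SID list are assumptions passed on the command line, and the sample bytes in `constructed_sample()` are constructed for demonstration.

```python
#!/usr/bin/env python3
"""Tail a Snort unified2 spool and run a script when watched SIDs fire.

Assumptions: spool files are named snort.u2.<timestamp> (the 'output unified2:
filename snort.u2' line); HOOK_SCRIPT and the SID watchlist are hypothetical.
"""
import glob
import os
import socket
import struct
import subprocess
import sys
import time

# unified2 record types (sf_unified2), all fields network byte order.
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7          # legacy IPv4 event, 52-byte body
UNIFIED2_IDS_EVENT_VLAN = 104   # IPv4 event + MPLS/VLAN fields, 60-byte body

RECORD_HDR = struct.Struct("!II")                  # type, length of the body
EVENT_BODY = struct.Struct("!IIIIIIIIIIIHHBBBB")   # 52 bytes shared by 7 and 104
EVENT_NAMES = ("sensor_id", "event_id", "event_second", "event_microsecond",
               "signature_id", "generator_id", "signature_revision",
               "classification_id", "priority_id", "ip_source", "ip_destination",
               "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked")


def parse_records(buf):
    """Decode complete records from buf.

    Returns (events, consumed): events are dicts for type 7/104 records,
    consumed is the offset after the last complete record, so a record that
    Snort is still writing is kept for the next read."""
    events, off = [], 0
    while len(buf) - off >= RECORD_HDR.size:
        rtype, rlen = RECORD_HDR.unpack_from(buf, off)
        end = off + RECORD_HDR.size + rlen
        if end > len(buf):
            break  # partial trailing record
        if rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_VLAN) and rlen >= EVENT_BODY.size:
            ev = dict(zip(EVENT_NAMES, EVENT_BODY.unpack_from(buf, off + RECORD_HDR.size)))
            ev["src"] = socket.inet_ntoa(struct.pack("!I", ev["ip_source"]))
            ev["dst"] = socket.inet_ntoa(struct.pack("!I", ev["ip_destination"]))
            events.append(ev)
        # packet records (type 2) and other types are skipped
        off = end
    return events, off


def should_trigger(ev, watch_sids):
    """Only rule alerts (generator 1) whose SID is on the watchlist fire the hook."""
    return ev["generator_id"] == 1 and ev["signature_id"] in watch_sids


def run_hook(script, ev):
    """Run the hook with fixed-format arguments and no shell: an attacker who
    can trigger a watched SID controls the timing of this call, so nothing
    attacker-influenced may be interpolated into a command line."""
    args = [script, str(ev["generator_id"]), str(ev["signature_id"]),
            str(ev["event_second"]), ev["src"], ev["dst"]]
    return subprocess.run(args, check=False).returncode


def newest_spool_file(spool_dir, prefix="snort.u2"):
    files = glob.glob(os.path.join(spool_dir, prefix + ".*"))
    return max(files, key=os.path.getmtime) if files else None


def tail_spool(spool_dir, script, watch_sids, poll=0.5):
    """Follow the newest snort.u2.* file; drain it before moving to a rotated one."""
    path, fh, buf = None, None, b""
    while True:
        if fh is not None:
            chunk = fh.read()
            if chunk:
                buf += chunk
                events, consumed = parse_records(buf)
                buf = buf[consumed:]
                for ev in events:
                    if should_trigger(ev, watch_sids):
                        run_hook(script, ev)
        latest = newest_spool_file(spool_dir)
        if latest and latest != path:          # Snort rotated (limit 128 above)
            if fh:
                fh.close()
            path, fh, buf = latest, open(latest, "rb"), b""
            continue
        time.sleep(poll)


def constructed_sample():
    """Constructed bytes: a type 104 event, an opaque packet record, a type 7
    event, then a truncated record that must be left unconsumed."""
    def body(sid, gid=1, src=0xC0A80001, dst=0x0A000005):
        return EVENT_BODY.pack(0, 1, 1395924807, 0, sid, gid, 7, 3, 2,
                               src, dst, 44444, 80, 6, 0, 0, 0)
    vlan_ev = body(1000001) + struct.pack("!IHH", 0, 0, 0)        # 60 bytes
    data = RECORD_HDR.pack(UNIFIED2_IDS_EVENT_VLAN, len(vlan_ev)) + vlan_ev
    pkt = b"\x00" * 28 + b"\x45\x00"                              # 30 opaque bytes
    data += RECORD_HDR.pack(UNIFIED2_PACKET, len(pkt)) + pkt
    legacy = body(2100498)                                         # 52 bytes
    data += RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(legacy)) + legacy
    return data + RECORD_HDR.pack(UNIFIED2_IDS_EVENT_VLAN, 60) + b"\x00" * 10


if __name__ == "__main__":
    if len(sys.argv) < 4:
        sys.exit("usage: %s SPOOL_DIR HOOK_SCRIPT SID[,SID...]" % sys.argv[0])
    tail_spool(sys.argv[1], sys.argv[2], {int(s) for s in sys.argv[3].split(",")})
```

Run it as `python3 u2_hook.py /var/log/snort ./archive_pcaps.sh 2100498` (paths and SID are placeholders); the hook receives `gid sid epoch_second src dst`, and for the daemonlogger case the script can copy the pcap files whose mtime brackets `epoch_second` into an archive directory. Run the watcher as an unprivileged account that has read access to the spool and write access to the archive only: every watched alert executes a command on the sensor, so the hook is an attacker-triggerable code path and should stay as narrow as the `run_hook` arguments above.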


------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

