Snort mailing list archives

Re: Snort Event Types


From: Dave Corsello <snort-users () wintertreemedia com>
Date: Thu, 27 Mar 2014 09:46:04 -0400

Configure Snort with an additional output statement to send alerts to an
alert_fast file.  Your script can monitor that file and act on certain
alerts.

On 3/27/2014 9:13 AM, Turnbough, Bradley E. wrote:
Is it possible to generate an alert (logged to a unified file) AND also fire a script to do something on the OS of the sensor itself?

I have snort installed and operating properly.  Snort 2.9.5.5.  Snort currently outputs to unified2.

"output unified2: filename snort.u2, limit 128"

Barnyard2 (2.1.9) picks up the .u2 file and processes it.

Barnyard2 config:
output alert_fast: stdout
output database: alert, mysql, user=snort dbname=snorby password=blah host=ipaddresshere

I want to kick off a shell script file to do some things within the sensor when the alert is first generated.  Is this possible?

I'm running daemonlogger to generate pcap files, and want to be able to archive the pcap files when certain traffic triggers an alert.

Thanks,

Brad

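A monitor for the alert_fast file Dave describes, added here as an example for this thread (it is not code from either poster): it tails the file, parses each alert_fast record, and runs a local archive script only for chosen sids or high-priority alerts, with a per-(sid, source) cooldown so a burst of alerts cannot spawn one process per packet. The sid in WATCH_SIDS, the archive script path and the record layout quoted in the comment are assumptions; the archive script itself (e.g. one that copies daemonlogger's pcaps for the matching window) is not shown.

```python
import re
import subprocess
import sys
import time
# Parses one Snort alert_fast record, laid out (constructed example) as:
# <ts>  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {proto} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]*)\]\s+)?\[Priority:\s+(?P<pri>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)
WATCH_SIDS = {2100498}          # placeholder sids that should trigger pcap archiving
PRIORITY_THRESHOLD = 1          # Snort priority 1 is the most severe
ARCHIVE_SCRIPT = "/usr/local/bin/archive-pcaps.sh"   # hypothetical local script
_last_fired = {}                # (sid, src) -> last time the script was run for it

def parse_alert(line):
    """Return the alert fields as a dict, or None if the line is not an alert_fast record."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for key in ("gid", "sid", "rev", "pri"):
        d[key] = int(d[key])
    return d
def should_archive(alert):
    """Act on explicitly watched sids, or on anything at or above the priority threshold."""
    return alert["sid"] in WATCH_SIDS or alert["pri"] <= PRIORITY_THRESHOLD
def under_cooldown(key, now, window=60.0):
    """Suppress repeats of one (sid, src) within `window` seconds: no process per packet."""
    last = _last_fired.get(key)
    if last is not None and now - last < window:
        return True
    _last_fired[key] = now
    return False
def follow(path, poll=0.5):
    """tail -f style reader: start at the end and yield lines as Snort appends them."""
    with open(path) as f:
        f.seek(0, 2)
        while True:
            line = f.readline()
            if line:
                yield line
            else:
                time.sleep(poll)

if __name__ == "__main__":
    for raw in follow(sys.argv[1]):          # the alert_fast file named in snort.conf
        a = parse_alert(raw)
        if a and should_archive(a) and not under_cooldown((a["sid"], a["src"]), time.time()):
            # fields go as separate argv entries; never build a shell string from alert text
            subprocess.run([ARCHIVE_SCRIPT, str(a["sid"]), a["ts"], a["src"], a["dst"]], check=False)
```

The archive script receives the fields as separate arguments, so alert text (which an outside host influences) is never interpolated into a shell command. Anyone who can cause a matching alert can also cause the script to run, which is why the sid allow-list and the cooldown are there.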

------------------------------------------------------------------------------
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
