Re: Process Snort alerts on real time

[Ana Serrano Mamolar <B00315494 () studentmail uws ac uk>]

Hi, and thanks for your response.

I am already using Barnyard, but it doesn't fit with me since I have to request for alerts but I am not notified 
instantaneously when an alert is triggered. Also I need the entire payload of the packet, and barnyard don't provide 
all I need.

Maybe I haven't been clear with my first message, but what I need is something that notify me of a new alert in real 
time, in the same moment that it has been triggered.

Thanks

________________________________
From: wkitty42 () windstream net <wkitty42 () windstream net>
Sent: 21 February 2017 02:54:33
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Process Snort alerts on real time

On 02/20/2017 06:32 AM, Nora Aron wrote:
> Hi,
> I'm wondering if there is a tool to get Snort alerts on real time. I have
> configured Snort to get unified2 output. Now, when I run Snort it starts writing
> in a new snort.u2.timestamp and create a new one once it has reached the limit.
> It was enough for me until now for testing purposes.
> Now I  would like to run a program for each new alert triggered, but I haven't
> figured out how to get it automatically.

you're looking for barnyard2 to read the U2 file and put the alerts into a
database... the ou would use one of several programs like sguil or sguert or
similar to monitor the database and provide alerts of ""interesting"" things to
your phone or pager or whatever... security onion is probably a good place to
start as it has all that and more wrapped up in an ISO for installation (IIRC)...

NOTE: i am not a security onion user... i just understand that it has much of
what is desired for INFOSEC OPS...

--
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!