Re: Process Snort alerts on real time

[wkitty42 () windstream net]

On 02/21/2017 04:56 AM, Ana Serrano Mamolar wrote:
> Hi, and thanks for your response.
>
> I am already using Barnyard, but it doesn't fit with me since I have to request
> for alerts but I am not notified instantaneously when an alert is triggered.
> Also I need the entire payload of the packet, and barnyard don't provide all I need.

AFAIK, barnyard2 only provides transportation of the alerts into the database... 
nothing else... you have to use other tools to analyze the database and those 
tools will perform your alerts...

> Maybe I haven't been clear with my first message, but what I need is something
> that notify me of a new alert in real time, in the same moment that it has been
> triggered.

in that case, you could whip up something in perl that monitors the alert file 
and sends your flash message when it detects what you've configured it to react 
to... i have maintained an active response tool that effectively tails the alert 
file and issues iptables/ipset rules based on activity... you can do similar 
except instead of iptables/ipset stuff, do your text messaging thing...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!