[Snort-devel] mailing feature

antonat antonat at ...1996...
Thu Jul 31 11:30:13 EDT 2003


maybe a good solution would be to write the text to be e-mailed to a file
and make a daemon which periodically looks for changes in the file and
takes care to do the e-mail work

Antonatos Spyros


On Thu, 31 Jul 2003, Mario Ohnewald wrote:

> i didn?t think if that.
> thanks!
>
> ;D
>
> >-----Original Message-----
> >From: snort-devel-admin at lists.sourceforge.net
> >[mailto:snort-devel-admin at lists.sourceforge.net]On Behalf Of Erek Adams
> >Sent: Thursday, July 31, 2003 3:38 PM
> >To: Mario Ohnewald
> >Cc: snort-devel at lists.sourceforge.net
> >Subject: Re: [Snort-devel] mailing feature
> >
> >
> >On Thu, 31 Jul 2003, Mario Ohnewald wrote:
> >
> >> Found it!!
> >
> >You're really making a mistake by doing that.
> >
> >Instead log to syslog or /var/log/alert and have something like Swatch
> >handle the checking and sending of emails.  If you don't you're really
> >going to create a problem.  Each time you make a call to system, you're
> >running the risk of Snort blocking.  From the man page "...returns after
> >the command has been completed."  If you have 4 packets that come in at
> >roughly the same time, and all 4 packets generate an alert, you'll end up
> >with something like this:  Alert1 is generated, system call, creation of
> >a new process, execution of the new process, destruction of process,
> >control now returns to Snort where Alert2 is about to be generated.  The
> >cycle repeats...  Consider the fact that if you are waiting on a system
> >call to return, you're not going to be able to sniff packets.
> >
> >By all means do what's best for you and your environment.  Just be
> >forewarned that you could really hurt yourself by doing it that way.
> >
> >Cheers!
> >
> >-----
> >Erek Adams
> >
> >   "When things get weird, the weird turn pro."   H.S. Thompson
> >
> >
> >-------------------------------------------------------
> >This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> >Data Reports, E-commerce, Portals, and Forums are available now.
> >Download today and enter to win an XBOX or Visual Studio .NET.
> >http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
> >_______________________________________________
> >Snort-devel mailing list
> >Snort-devel at lists.sourceforge.net
> >https://lists.sourceforge.net/lists/listinfo/snort-devel
> >
> >
>
>
>
>
>
> -------------------------------------------------------
> This SF.Net email sponsored by: Free pre-built ASP.NET sites including
> Data Reports, E-commerce, Portals, and Forums are available now.
> Download today and enter to win an XBOX or Visual Studio .NET.
> http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
> _______________________________________________
> Snort-devel mailing list
> Snort-devel at lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/snort-devel
>




More information about the Snort-devel mailing list