[Snort-sigs] MS Exchange rule

Schmehl, Paul L pauls at ...1311...
Wed Jul 23 15:26:14 EDT 2003


I'm wondering what's wrong with the logs on the server?  ISTM that using
the existing mechanism would make a great deal more sense.  You simply
parse the logs for login failures, and if you need to, set up a
mechanism to syslog them or email them or page you or whatever.

Paul Schmehl (pauls at ...1311...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
http://www.utdallas.edu/~pauls/ 

> -----Original Message-----
> From: Brian [mailto:bmc at ...95...] 
> Sent: Wednesday, July 23, 2003 3:21 PM
> To: Kraus, Thorsten
> Cc: snort-sigs at lists.sourceforge.net
> Subject: Re: [Snort-sigs] MS Exchange rule
> 
> 
> On Wed, Jul 23, 2003 at 08:07:44AM +0200, Kraus, Thorsten wrote:
> > does a rule exist, where I can log wrong logins to my Microsoft 
> > Exchange server? Hop so!
> 
> Nope.  Send me pcap, I'll write rules.  :)




More information about the Snort-sigs mailing list