[Snort-sigs] MS Exchange rule

Schmehl, Paul L pauls at ...1311...
Wed Jul 23 15:26:14 EDT 2003

I'm wondering what's wrong with the logs on the server?  ISTM that using
the existing mechanism would make a great deal more sense.  You simply
parse the logs for login failures, and if you need to, set up a
mechanism to syslog them or email them or page you or whatever.

Paul Schmehl (pauls at ...1311...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member

> -----Original Message-----
> From: Brian [mailto:bmc at ...95...] 
> Sent: Wednesday, July 23, 2003 3:21 PM
> To: Kraus, Thorsten
> Cc: snort-sigs at lists.sourceforge.net
> Subject: Re: [Snort-sigs] MS Exchange rule
> On Wed, Jul 23, 2003 at 08:07:44AM +0200, Kraus, Thorsten wrote:
> > does a rule exist, where I can log wrong logins to my Microsoft 
> > Exchange server? Hop so!
> Nope.  Send me pcap, I'll write rules.  :)

More information about the Snort-sigs mailing list