[Snort-sigs] MS Exchange rule
Schmehl, Paul L
pauls at ...1311...
Wed Jul 23 15:26:14 EDT 2003
I'm wondering what's wrong with the logs on the server? ISTM that using
the existing mechanism would make a great deal more sense. You simply
parse the logs for login failures, and if you need to, set up a
mechanism to syslog them or email them or page you or whatever.
Paul Schmehl (pauls at ...1311...)
Adjunct Information Security Officer
The University of Texas at Dallas
AVIEN Founding Member
> -----Original Message-----
> From: Brian [mailto:bmc at ...95...]
> Sent: Wednesday, July 23, 2003 3:21 PM
> To: Kraus, Thorsten
> Cc: snort-sigs at lists.sourceforge.net
> Subject: Re: [Snort-sigs] MS Exchange rule
> On Wed, Jul 23, 2003 at 08:07:44AM +0200, Kraus, Thorsten wrote:
> > does a rule exist, where I can log wrong logins to my Microsoft
> > Exchange server? Hop so!
> Nope. Send me pcap, I'll write rules. :)
More information about the Snort-sigs