[Snort-sigs] swatch / sig issue

Nick Duda nduda at ...1896...
Tue Nov 18 08:06:05 EST 2003


Thanks for the recommendation. I did find out how to use swatch to do
all that I wanted perfectly (a bit of RTFM). Syslog+Swatch=good results
:)

- Nick

-----Original Message-----
From: Edin Dizdarevic [mailto:edin.dizdarevic at ...2020...] 
Sent: Tuesday, November 18, 2003 11:03 AM
To: Nick Duda
Cc: snort-sigs at lists.sourceforge.net
Subject: Re: [Snort-sigs] swatch / sig issue


Nick,

Have you tried logsurfer? I think I've read somewhere that logsurfer was
developed out of swatch due to its limited capabilities. However, I'm
not sure about this.

Anyway, logsurfer is _very_ powerful. I use it for observation of all my
logfiles. There are also many examples including some for Snort.

Take a look at older snort-user threads, since we have discussed this
there...

Regards,
Edin


Nick Duda wrote:

| Perhaps this is the wrong forum for this, but I can't find any
| resources to help on this.
|
| I have swatch running, however is there any way to make it echo more
| than the first line to an email, screen, anything. I have it working
| but it only sends the line it finds on the "watch for" statement.
|
| Thanks,
| Nick
|

- --
Edin Dizdarevic