[Snort-sigs] Email alerts

lists at ...3397... lists at ...3397...
Wed Feb 24 11:25:45 EST 2016


On 02/24/16 10:18, Mikey van der Worp wrote:
> That's a lot of information!
> 
> Anyhow.. I think this helps him a bit more..
> 
> http://www.linuxsecurity.com/content/view/117377/49/

Great article, for 'destination email_alert_script {program
("/usr/local/bin/alert_mail.sh "); }; ' I recommend pointing to mini-sendmail
since you don't need a local MTA and you can point it to upstream without
dealing with traditional local relay issues:

meow://acme.com/software/mini_sendmail/

I use it here and it works well, even over IPv4 and IPv6 networks.  You might
have to do a subshell for piping to create the originator headers like Date,
From, To, Subject, etc.

Nice link Mikey, thank you for sharing it.  An easy use case for ARUN might be
just to tail -f --follow=name with some grep (maybe -P for PCRE) piped to
mini_sendmail.

ARUN, what are you looking for specifically?
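
The tail/grep/mini_sendmail pipeline suggested above, written out as an added example that is not part of the original post. The addresses, relay host, log path and pattern are placeholder assumptions, and it assumes GNU tail, grep and date plus Snort's alert_fast line layout.

```shell
# Added example, not from the original post. Addresses, relay host, log path
# and PATTERN are placeholder assumptions; adjust to your sensor.
ALERT_FROM="snort@sensor.example.org"
ALERT_TO="soc@example.org"
SMTP_RELAY="mail.example.org"
ALERT_LOG="/var/log/snort/alert"      # alert_fast output file (assumed path)
PATTERN='\[Priority: [12]\]'          # PCRE: only priority 1 and 2 alerts

# Remove CR/LF and non-printable bytes so logged text cannot add mail headers.
sanitize_header() {
    printf '%s' "$1" | tr -d '\r\n' | tr -c '[:print:]' '?' | cut -c1-120
}

# Emit one complete message (originator headers, blank line, body) on stdout.
format_alert_mail() {
    local line=$1 subject
    # Rule message = text between the "[**] [gid:sid:rev]" and closing "[**]".
    subject=$(printf '%s\n' "$line" |
        sed -n 's/.*\[\*\*\] \[[0-9:]*\] \(.*\) \[\*\*\].*/\1/p')
    printf 'Date: %s\n' "$(date -R)"
    printf 'From: %s\nTo: %s\n' "$ALERT_FROM" "$ALERT_TO"
    printf 'Subject: [snort] %s\n\n' "$(sanitize_header "${subject:-alert}")"
    printf '%s\n' "$line"
}

# Follow the log across rotation and mail each matching line via the relay.
watch_alerts() {
    tail -n0 --follow=name --retry "$ALERT_LOG" |
        grep --line-buffered -P "$PATTERN" |
        while IFS= read -r line; do
            format_alert_mail "$line" |
                mini_sendmail -f"$ALERT_FROM" -s"$SMTP_RELAY" "$ALERT_TO"
        done
}

# Constructed sample line in alert_fast layout, used for a dry run.
SAMPLE='02/24-11:25:45.000000  [**] [1:1000001:1] Constructed test rule [**] [Classification: Misc activity] [Priority: 2] {TCP} 192.0.2.10:4444 -> 198.51.100.5:80'

case "${1:-}" in
    watch) watch_alerts ;;
    *)     format_alert_mail "$SAMPLE" ;;   # dry run: print the message only
esac
```

Run with the argument `watch` to start following the log; without it the script only prints the message it would send for the sample line. Every matching line becomes one mail, so keep the pattern narrow enough that a noisy rule cannot flood the mailbox.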



