[Snort-users] Win32-snort users
keydet89 at ...131...
Wed Jul 26 20:12:41 EDT 2000
Take a look at the script I have posted at:
It's called 'snortrpt.pl'. It's easily customizeable
to your file structure...where nmapNT is sitting, etc.
You'll also find scripts for pulling the EventLogs,
Regarding the emailing you of certain alerts...I am
working on such a script...unfortunately, I have found
that the Win32::ChangeNotify module doesn't work with
the EventLog files. So, the only immediate, short-
term solution I can offer is to write you script that
polls the EventLog (or multiple EventLogs) every 60 or
so seconds, and will email you if certain alerts are
found. What I want to do is write a script that will
respond when an event is generated, rather than
I just updated my alert file with several new entries
from the most recent rule base...I've been getting
Sub7 scans lately and want to see what else I'm
> I have also been using Snort both on Mandrake Linux
> and Win32.
> I would be very interested in finding Perl scripts
> to organize alerts in a
> report and also have a tool or script to e-mail me
> during certain alerts.
> Right now all my alerts go into the NT event viewer.
> I would like to run
> Snort with a highly customized rule set on a web
> server in our DMZ and have
> the script e-mail me during certain alerts.
Do You Yahoo!?
Get Yahoo! Mail - Free email you can access from anywhere!
More information about the Snort-users