[Snort-users] Win32-snort users

Mike Mike at ...164...
Wed Jul 26 23:10:42 EDT 2000


Wow, people actually use snort for WIN32 ;-)

Anyone running snort-WIN32 on Win2k Advanced Server?

Michael Davis
Chief Technical Officer
Data Nerds, LLC.
http://www.datanerds.net

> Brent,
> 
> Take a look at the script I have posted at:
> 
> http://patriot.net/~carvdawg/perl.html
> 
> It's called 'snortrpt.pl'.  It's easily customizable
> to your file structure...where nmapNT is sitting, etc.
> 
> You'll also find scripts for pulling the EventLogs,
> etc.
> 
> Regarding the emailing you of certain alerts...I am
> working on such a script...unfortunately, I have found
> that the Win32::ChangeNotify module doesn't work with
> the EventLog files.  So, the only immediate, short-term
> solution I can offer is to write you a script that
> polls the EventLog (or multiple EventLogs) every 60 or
> so seconds, and will email you if certain alerts are
> found.  What I want to do is write a script that will
> respond when an event is generated, rather than polling
> the 'Logs.
> 
> I just updated my alert file with several new entries
> from the most recent rule base...I've been getting some
> Sub7 scans lately and want to see what else I'm
> getting...
> 
> Carv
> 
> > I have also been using Snort both on Mandrake Linux and Win32.
> >
> > I would be very interested in finding Perl scripts to organize alerts in a
> > report and also have a tool or script to e-mail me during certain alerts.
> >
> > Right now all my alerts go into the NT event viewer. I would like to run
> > Snort with a highly customized rule set on a web server in our DMZ and have
> > the script e-mail me during certain alerts.
> 
> 
> 
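
The polling approach described in the quoted reply (re-read the EventLog every 60 or so seconds and e-mail when certain alerts are found), sketched as an added example; it is not code from this thread and not snortrpt.pl. The record layout, addresses, watch pattern and function names are assumptions, and the sample records are constructed. A real script would read the records through the Windows EventLog API instead.

```python
import re
from email.message import EmailMessage

# Constructed sample records standing in for NT EventLog entries written by
# Snort; field names and alert text are assumptions for illustration.
SAMPLE_LOG = [
    {"record": 101, "source": "snort", "message": "ICMP ping sweep 10.0.0.5 -> 10.0.0.9"},
    {"record": 102, "source": "snort", "message": "Sub7 scan 10.0.0.7 -> 10.0.0.9"},
    {"record": 103, "source": "perflib", "message": "counter unavailable"},
    {"record": 104, "source": "snort", "message": "Sub7 scan 10.0.0.8 -> 10.0.0.9"},
]

WATCH = [re.compile(r"sub7", re.I)]  # alerts that warrant an e-mail


def poll_once(read_log, last_seen, watch=WATCH):
    """One polling pass: return (matching records, new high-water mark).

    Only records numbered above last_seen are examined, so an alert is
    reported once even though the whole log is re-read on every pass.
    """
    hits, newest = [], last_seen
    for rec in read_log():
        if rec["record"] <= last_seen:
            continue
        newest = max(newest, rec["record"])
        if rec["source"] == "snort" and any(p.search(rec["message"]) for p in watch):
            hits.append(rec)
    return hits, newest


def build_mail(hits, sender="snort@example.invalid", rcpt="admin@example.invalid"):
    """Batch one pass's hits into a single message; the caller hands it to smtplib."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"{len(hits)} Snort alert(s) matched watch list"
    msg.set_content("\n".join(f"#{h['record']}: {h['message']}" for h in hits))
    return msg


if __name__ == "__main__":
    mark = 0
    # A real loop would sleep about 60 seconds between passes.
    hits, mark = poll_once(lambda: SAMPLE_LOG, mark)
    if hits:
        print(build_mail(hits))
```

Persisting the high-water mark between runs keeps a restarted poller from mailing old alerts again; if the log is cleared and record numbers start over, the mark has to be reset as well.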