[Snort-users] Win32-snort users

Erickson Brent W KPWA erickson at ...160...
Wed Jul 26 23:23:53 EDT 2000


Yes, and a big vote of thanks to you and Martin. I run Snort version 1.6 on
NT and it runs solid, even after a very heavy NMAP beating. I have not tried
version 1.6.3 yet but will soon. We may also try it very soon on W2k
advanced server running as a standalone IDS for web server applications. If
we do I will let you know how it went.

Thanks again to you, Martin, and all the other Snort users for producing,
improving, porting, and sharing such a wealth of valuable information.

Sincerely,

Brent W. Erickson
 

> -----Original Message-----
> From:	Mike [SMTP:Mike at ...164...]
> Sent:	Wednesday, July 26, 2000 8:11 PM
> To:	H Carvey; Snort Users
> Subject:	Re: [Snort-users] Win32-snort users
> 
> Wow, people actually use snort for WIN32 ;-)
> 
> Anyone running snort-WIN32 on Win2k Advanced Server?
> 
> Michael Davis
> Chief Technical Officer
> Data Nerds, LLC.
> http://www.datanerds.net
> 
> > Brent,
> > 
> > Take a look at the script I have posted at:
> > 
> > http://patriot.net/~carvdawg/perl.html
> > 
> > It's called 'snortrpt.pl'.  It's easily customizable
> > to your file structure...where nmapNT is sitting, etc.
> > 
> > You'll also find scripts for pulling the EventLogs,
> > etc.
> > 
> > Regarding the emailing you of certain alerts...I am
> > working on such a script...unfortunately, I have found
> > that the Win32::ChangeNotify module doesn't work with
> > the EventLog files.  So, the only immediate, short-term
> > solution I can offer is to write you a script that
> > polls the EventLog (or multiple EventLogs) every 60 or
> > so seconds, and will email you if certain alerts are
> > found.  What I want to do is write a script that will
> > respond when an event is generated, rather than polling
> > the 'Logs.
> > 
> > I just updated my alert file with several new entries
> > from the most recent rule base...I've been getting some
> > Sub7 scans lately and want to see what else I'm
> > getting...
> > 
> > Carv
> > 
> > > I have also been using Snort both on Mandrake Linux
> > > and Win32.
> > > 
> > > I would be very interested in finding Perl scripts
> > > to organize alerts in a report and also have a tool
> > > or script to e-mail me during certain alerts.
> > > 
> > > Right now all my alerts go into the NT event viewer.
> > > I would like to run Snort with a highly customized
> > > rule set on a web server in our DMZ and have the
> > > script e-mail me during certain alerts.
> > 
> > 
> > 
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > http://lists.sourceforge.net/mailman/listinfo/snort-users
> > 
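The polling approach Carv describes above (read the EventLog every 60 or so seconds, mail only the alerts you care about) as a worked example. This is an added example for this archive page, not Carv's snortrpt.pl and not anything shipped with Snort. It assumes the Win32 Snort build writes its alerts to the Application log under the source name "snort"; the SMTP relay, the addresses, the state-file path and the watch-list patterns are hypothetical and should be replaced with your own.

```perl
#!/usr/bin/perl
# Poll the NT Application EventLog for Snort alerts and e-mail the ones that
# match a watch list.  Added example for this thread; not snortrpt.pl and not
# part of Snort.  ASSUMPTIONS: Snort logs under the source name "snort", the
# SMTP relay, addresses and state-file path below are placeholders, and a
# 60-second poll (not a real-time trigger) is acceptable.
use strict;
use warnings;
use Win32::EventLog;
use Net::SMTP;
use POSIX qw(strftime);

$Win32::EventLog::GetMessageText = 1;    # populate $ev->{Message}, not only Strings

my $LOG_NAME   = 'Application';
my $SOURCE     = 'snort';                 # assumed source name of Snort's events
my $STATE_FILE = 'C:\\snort\\mailalert.state';  # hypothetical: last record number seen
my $INTERVAL   = 60;                      # seconds between polls, as in Carv's note
my $SMTP_HOST  = 'mail.example.com';      # hypothetical relay
my $FROM       = 'snort@example.com';     # hypothetical sender
my $TO         = 'ids-admin@example.com'; # hypothetical recipient

# Watch list: only alerts whose message matches one of these patterns get mailed.
my @WATCH = (
    qr/SubSeven|Sub7/i,                   # the Sub7 scans mentioned in the thread
    qr/BackOrifice|NetBus/i,
    qr/WEB-(IIS|CGI)/,                    # web-server rules for a DMZ host
);

sub load_last_record {
    open(my $fh, '<', $STATE_FILE) or return 0;   # first run: start from the oldest record
    my $n = <$fh>;
    close $fh;
    return (defined $n && $n =~ /^(\d+)/) ? $1 : 0;
}

sub save_last_record {
    my ($n) = @_;
    open(my $fh, '>', $STATE_FILE) or die "cannot write $STATE_FILE: $!";
    print $fh "$n\n";
    close $fh;
}

# Return (newest record number, Snort events newer than $last, oldest first).
sub new_snort_events {
    my ($last) = @_;
    my $log = Win32::EventLog->new($LOG_NAME, $ENV{COMPUTERNAME})
        or die "cannot open $LOG_NAME log: $^E";
    my ($count, $oldest) = (0, 0);
    $log->GetNumber($count);
    $log->GetOldest($oldest);
    my $newest = $oldest + $count - 1;
    $last = $oldest - 1 if $last < $oldest - 1;   # log was cleared since the last poll
    my @hits;
    for my $rec ($last + 1 .. $newest) {
        my $ev = {};
        $log->Read(EVENTLOG_SEEK_READ | EVENTLOG_FORWARDS_READ, $rec, $ev) or next;
        next unless lc($ev->{Source}) eq $SOURCE;   # ignore everything but Snort
        push @hits, $ev;
    }
    $log->Close;
    return ($newest, @hits);
}

sub matches_watch_list {
    my ($text) = @_;
    for my $re (@WATCH) { return 1 if $text =~ $re }
    return 0;
}

sub send_report {
    my (@lines) = @_;
    my $smtp = Net::SMTP->new($SMTP_HOST, Timeout => 30)
        or die "cannot reach $SMTP_HOST";
    $smtp->mail($FROM);
    $smtp->to($TO);
    $smtp->data();
    $smtp->datasend("To: $TO\nFrom: $FROM\n");
    $smtp->datasend("Subject: [snort] " . scalar(@lines)
                    . " watched alert(s) on $ENV{COMPUTERNAME}\n\n");
    $smtp->datasend(join('', map { "$_\n" } @lines));
    $smtp->dataend();
    $smtp->quit;
}

my $last = load_last_record();
while (1) {
    my ($newest, @events) = new_snort_events($last);
    my @report;
    for my $ev (@events) {
        # Message is the rendered text; fall back to the raw NUL-separated strings.
        my $text = $ev->{Message} || join(' ', split /\0/, $ev->{Strings});
        $text =~ s/\s+/ /g;
        next unless matches_watch_list($text);
        push @report, strftime('%Y-%m-%d %H:%M:%S', localtime $ev->{Timegenerated})
                      . " #$ev->{RecordNumber} $text";
    }
    send_report(@report) if @report;          # one mail per poll, not one per alert
    if ($newest > $last) { save_last_record($newest); $last = $newest; }
    sleep $INTERVAL;
}
```

Two design points worth keeping if you adapt this: the last record number is written to disk after every poll, so a restart does not re-mail old alerts or silently skip the ones generated while the script was down; and all matches from one poll go into a single message, so a port sweep that fires the same rule hundreds of times produces one mail rather than hundreds. The 60-second poll is still not event-driven, which is the limitation Carv points out.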