[Snort-users] Email alert
jason at ...418...
Sun Apr 22 12:50:36 EDT 2001
This was previously posted. This was Max's Vision's Response.
This is supported in Snort 1.8 - which you can download (BETA 3) at
whitehats.com, or directly from the CVS server at Sourceforge:
If it is not feasible for you to upgrade, you can do this for Snort 1.7:
cat vision.conf | sed 's/uricontent/content/g' > vision.conf
Subba Rao wrote:
> I have downloaded Max Vision rules and when I try to start snort using his
> rules, I get the following error:
> ERROR: /etc/snort-vision.conf (93) => Unknown keyword "uricontent" in rule!
> The rule is as follows:
> alert TCP $INTERNAL 80 -> $EXTERNAL any (msg: "IDS276/http-cgi-bugzilla-exploit"
> ; flags: A+; uricontent: "process_bug.cgi"; nocase; content: "blaat at ...1874...";
> nocase; reference:arachnids,276;)
> I have changed "uricontent" to "urlcontent" and that did not work. How do I
> verify the syntax of these rules?
> Another question is, how do I setup snort to send email alerts?
> Subba Rao
> subba9 at ...530...
> GPG public key ID 27FC9217
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> Snort-users list archive:
More information about the Snort-users