[Snort-users] Capturing "successful-*" alerts
s_i_d_j at ...131...
Wed Jun 13 11:23:07 EDT 2001
I have Snort Version 1.8 Beta6 (Buld 25) running fine (well, almost). I am
tailing the "alert" file with logsurfer utility and lookout for *successful*
alerts. I use the classification config from whitehats.
The problem is i want to pickup the next four lines after the line in which
the word *successful* appears and mail them to me.
Right now, i just mail a predefined string to myself everytime logsurfer
encounters a line with the word *successful* in it.
Do You Yahoo!?
Get your free @yahoo.com address at http://mail.yahoo.com
More information about the Snort-users