[Snort-users] Capturing "successful-*" alerts

Sid s_i_d_j at ...131...
Wed Jun 13 11:23:07 EDT 2001


I have Snort Version 1.8 Beta6 (Build 25) running fine (well, almost).  I am
tailing the "alert" file with the logsurfer utility and looking out for *successful*
alerts. I use the classification config from whitehats.

The problem is I want to pick up the next four lines after the line in which
the word *successful* appears and mail them to me.

Right now, I just mail a predefined string to myself every time logsurfer
encounters a line with the word *successful* in it.

Any help?
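
One way to pull each *successful* line together with the four lines that follow it, as an added example that is not part of the original post and does not use logsurfer: the function names `successful_context` and `sample_alerts` are hypothetical, and the alert lines are constructed sample data that only approximate the layout of a Snort alert file.

```shell
#!/bin/sh
# Added example. Prints every line containing "successful" plus the N lines
# after it (default 4). Reads stdin, so it works on a file or a pipe.

successful_context() {
    awk -v after="${1:-4}" '
        /successful/ {
            # Start a new block; separate it from the previous one with "--".
            # A match inside an open window just extends that window.
            if (seen && remaining == 0) print "--"
            remaining = after + 1
            seen = 1
        }
        remaining > 0 { print; remaining-- }
    '
}

# Constructed sample input (not real alerts). The last alert is cut short
# on purpose to show that a block at end-of-file is still emitted.
sample_alerts() {
    cat <<'EOF'
[**] constructed sample alert A [**]
[Classification: successful-admin] [Priority: 10]
06/13-11:20:01.000001 192.0.2.10:1042 -> 192.0.2.20:80
TCP TTL:64 TOS:0x0 ID:1 DF
Seq: 0x1 Ack: 0x2 Win: 0x7D78

[**] constructed sample alert B [**]
[Classification: attempted-recon] [Priority: 3]
06/13-11:21:30.000002 192.0.2.11:1043 -> 192.0.2.20:21
TCP TTL:64 TOS:0x0 ID:2 DF
Seq: 0x3 Ack: 0x0 Win: 0x4000

[**] constructed sample alert C [**]
[Classification: successful-user] [Priority: 7]
06/13-11:23:07.000003 192.0.2.12:1044 -> 192.0.2.20:23
TCP TTL:64 TOS:0x0 ID:3 DF
EOF
}

# Demonstration run on the constructed sample.
sample_alerts | successful_context
```

The output of `successful_context` can be piped to a mail command; alert B never appears in it because its classification line does not contain the keyword.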

