[Snort-users] Capturing "successful" attacks

Sid s_i_d_j at ...131...
Sun Jun 17 14:39:23 EDT 2001


Hi,

I have Snort Version 1.8 Beta6 (Build 25) running fine (well, almost).  I am
tailing the "alert" file with the logsurfer utility and look out for *successful*
alerts. I use the classification config from whitehats.

The problem is I want to pick up the next four lines after the line in which
the word *successful* appears and mail them to me.

Right now, I just mail a predefined string to myself every time logsurfer
encounters a line with the word *successful* in it.

Any help?

Siddhartha
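
Added example, not part of the original post and not logsurfer or Snort code: one way to collect the matching alert line plus the four lines after it and hand each block to a mail command, using awk in place of logsurfer. The function names, the sample alert layout, the mail address and the file path are assumptions made for illustration.

```sh
#!/bin/sh
# send_blocks PATTERN N CMD
# Reads alert lines on stdin. For every line containing PATTERN
# (case-insensitive) it collects that line plus the next N lines and
# pipes the block to CMD, which is run once per block.
send_blocks() {
    awk -v pat="$1" -v n="$2" -v cmd="$3" '
        function emit() {
            if (block != "") { printf "%s", block | cmd; close(cmd); block = "" }
        }
        BEGIN { pat = tolower(pat) }
        {
            # A new match inside an open window restarts the count, so
            # back-to-back alerts are sent as one block with no lines lost.
            if (index(tolower($0), pat) > 0) left = n + 1
            if (left > 0) {
                block = block $0 "\n"
                if (--left == 0) emit()
            }
        }
        END { emit() }   # input ended mid-window: send what was collected
    '
}

# Constructed sample input (layout is an assumption, not real Snort output).
sample_alerts() {
    cat <<'EOF'
[**] EXAMPLE-1 successful-admin sample alert [**]
detail line 1
detail line 2
detail line 3
detail line 4

[**] EXAMPLE-2 attempted-recon sample alert [**]
detail line 1
detail line 2
detail line 3
detail line 4
EOF
}

# Live use (path and address are placeholders):
#   tail -f /path/to/alert | \
#     send_blocks successful 4 'mail -s "snort: successful" you@example.com'
```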


