[Snort-users] How can I setup Snort to e-mail alerts?

Sheahan, Paul (PCLN-NW) Paul.Sheahan at ...2218...
Fri Jun 22 13:38:20 EDT 2001


I set a cron job to run at midnight every night in conjunction with
snort_stat to do it. I love the format of snort_stat reports much better
than the other tools. I send 2 reports every night, one with names resolved
and one without in case I want to compare addresses against traces.

cat alert | snort_stat.pl -r | /usr/lib/sendmail -fNames admin at ...2372...
cat alert | snort_stat.pl | /usr/lib/sendmail -fAddresses admin at ...2372...

Hope this helps!

Paul


-----Original Message-----
From: Ralf Hildebrandt [mailto:Ralf.Hildebrandt at ...821...]
Sent: Friday, June 22, 2001 4:18 AM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] How can I setup Snort to e-mail alerts?


On Thu, Jun 21, 2001 at 10:22:03PM -0400, Yom, Francis wrote:

> I would like to know how, if it is possible, to set up snort to e-mail
> alerts to an administrator.  

Some other tool must parse the logfile and send mails based on what it
found. Use logcheck or logsurfer or your own flavour of grep and mailx.

-- 
ralf.hildebrandt at ...821...                            innominate AG
Technical Consultant                   Don't be afraid of what you see -
Diplom-Informatiker                     be afraid of what you don't see!
tel: +49.(0)7000.POSTFIX                        fax: +49.(0)30.308806-77




More information about the Snort-users mailing list