[Snort-users] Snort 1.7 and alerts

shawn . moyer shawn at ...1184...
Mon Mar 5 15:23:33 EST 2001


Best way (IMHO) would be to log to syslog and use Swatch 

http://www.stanford.edu/~atkins/swatch/

or Logcheck

http://www.psionic.com/abacus/logcheck

I've used Logcheck myself for this in the past, but IIRC both of these
will allow you to set a threshold to do a mail alert with.

Since you can do syslog in addition to either db or "packet tree"
alerting this should work for both of you.


--shawn


> Claude Bailey wrote:
> 
> Did anyone ever respond to the query below?  I'm looking for the same
> thing but I'm not logging to a database
> 
> -----Original Message-----
> From: John Johnson [mailto:john at ...599...]
> Sent: Thursday, February 22, 2001 4:44 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort 1.7 and alerts
> 
> Is there a way I can set snort to send emails to a list of addresses
> when, say, it gets an alert 15 times in, say, 5 minutes
> from a single host? I am running snort 1.7 on Mandrake 7.2, logging
> alerts to a MySQL Database
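
The threshold asked about in this thread (15 alerts in 5 minutes from a single host), applied to Snort alerts read from syslog, as an added example that is not part of the original posts and is not Swatch or Logcheck code. The syslog line layout, the function names and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed layout of a Snort alert in syslog (adjust to what your sensor writes):
# "<Mon DD HH:MM:SS> <sensor> snort[pid]: <msg>: <src>[:port] -> <dst>[:port]"
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ snort(?:\[\d+\])?: "
    r"(?P<msg>.*?): (?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? -> ")

def parse(line, year):
    """Return (timestamp, source_ip) for a Snort alert line, or None."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return ts, m["src"]

def hosts_over_threshold(lines, count=15, window=timedelta(minutes=5), year=2001):
    """Yield (source_ip, time) each time a source reaches `count` alerts within `window`."""
    recent = defaultdict(deque)  # source_ip -> alert timestamps still inside the window
    for line in lines:
        parsed = parse(line, year)
        if parsed is None:
            continue  # syslog line from something other than Snort
        ts, src = parsed
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:  # drop alerts older than the window
            q.popleft()
        if len(q) >= count:
            q.clear()  # one notification per burst, not one per further alert
            yield src, ts

def sample_lines():
    """Constructed syslog lines: one noisy source, one slow source, one unrelated line."""
    base = datetime(2001, 3, 5, 15, 0, 0)
    fmt = ("{:%b %d %H:%M:%S} sensor snort[412]: "
           "IDS-EXAMPLE constructed alert: {}:1025 -> 192.0.2.10:80")
    noisy = [fmt.format(base + timedelta(seconds=10 * i), "198.51.100.7") for i in range(15)]
    slow = [fmt.format(base + timedelta(minutes=i), "203.0.113.9") for i in range(15)]
    return ["Mar 05 15:00:01 sensor sshd[99]: unrelated line"] + noisy + slow

if __name__ == "__main__":
    for src, ts in hosts_over_threshold(sample_lines()):
        print(f"{ts}: {src} reached 15 alerts in 5 minutes; send the mail here")
```

Clearing a host's history after it fires keeps a sustained burst from mailing the list once per alert.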



