FW: [Snort-users] Sending Alert Via E-mail

Erek Adams erek at ...577...
Sun Nov 25 13:25:02 EST 2001


On Sat, 24 Nov 2001, Fadzly Zainuddin wrote:

> I'm connecting my Snort IDS machine together my mail server in the same hub.

Caution:  Not all hubs are hubs.  See FAQ 6.2.1

http://www.snort.org/docs/faq.html#6.21

> I just wonder why my IDS could not detect anything when I scan my mail
> server port. When I scan IDS machine port , my IDS able to detect. I send a
> port scanning request from external PC. Theoretically when I scan my mail
> server, my IDS machine should receive a same thing because hub will
> broadcast right? Am I correct or I need the specified a special command.
> Current my command is
>
> ./snort -dev -l ./log -h xxx.xxx.xxx.0/24 -c snort.conf

Now, If that's not your problem, then I would think it's in your snort.conf
settings.

As for emailing alerts:  5.7

http://www.snort.org/docs/faq.html#5.7

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list