[Snort-users] Trying to add an email plugin

Michael Scheidell scheidell at ...3799...
Mon Oct 22 13:16:07 EDT 2001


I wanted to add an email plugin JUST LIKE  the smb alert plugin.

just for kicks, I took the original alert_smb and edited ONLY THE smbclient
section (put in sendmail -oi)
(well, I also had to increase the buffer since I wasn't getting the whole
alert, lots of headers including X-Priorty: 1)
edited the smb-users-file, (put in scheidell at ...3799...) and it worked , I
changed smb alerts to smtp (email ) alerts.

they I wanted to do it right.
I restored the alert_smb file,
copied the spo_alert_smb.c and .h to spo_alert_smtp.c and .h
I edited things like SetupAlertSmb to be SetupAlertSmtp
I changed smbclient -U Nessus -M % to be
sendmail -oi

I added spo_alert.smtp.c and .o to the correct places in the Makefile
I looked in other files for SetupAlertSmb (or ANYthing 'AlertSmb') and
thought I duplicated it as xxxxAlertSmtp'

Compiled it, sendmail is in the binary (strings snort | grep sendmail)
I added alert_smtp to the snort.conf,pointed it to a smtp-users-file with
'scheidell at ...3799...' in it
sighuped snort and nothing happened.

so, where else should I look?

--
Michael Scheidell
Florida Datamation, Inc.
scheidell at ...3799... 1+(561) 368-9561






More information about the Snort-users mailing list