[Snort-users] Real time monitoring and/or notification?

Michael Scheidell scheidell at ...3799...
Wed Oct 24 06:33:11 EDT 2001


>
> Message: 4
> From: "Sheahan, Paul (PCLN-NW)" <Paul.Sheahan at ...2218...>
> To: "Snort List (E-mail)" <snort-users at lists.sourceforge.net>
> Date: Tue, 23 Oct 2001 18:13:56 -0400
> Subject: [Snort-users] Real time monitoring and/or notification?
>
> Hello,
>
> I was wondering if there were a tool available to allow real time monitoring
> of attacks in Snort? I was also looking for a tool to allow notification
> (email, pager etc) with Snort? I would love to have this feature and would
> upgrade/convert to whatever version supports it. Anyone seen any tools that
> offer these features?
>

I have some 'hacks' to alert_smb that send an email INSTEAD of smb alerts.
Basically just replaced the smbclient -M %s with sendmail -oi %s
(made the buffer bigger, added in some headers to keep it friendly, set it
high priority in unix/Windows mailers, put the alert type on the subject line
so I could fit MOST stuff in the 110 char limit for pager).
For priceline, I will take bids....
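
The message-building step described in the post, as an added example that is not the poster's patch or Snort's own code: it puts the alert type first in a subject capped at 110 characters, adds priority headers, and replaces CR/LF in packet-derived text so an alert cannot inject extra headers. The function names, the header choices and the buffer sizes are assumptions.

```c
#include <stdio.h>
#include <string.h>

#define PAGER_SUBJECT_MAX 110  /* pager limit mentioned in the post */

/* Copy src into dst, turning CR, LF and other control characters into
 * spaces so packet-derived alert text cannot start a new header line. */
static void copy_header_safe(char *dst, size_t dstsz, const char *src)
{
    size_t i = 0;
    for (; src[i] != '\0' && i + 1 < dstsz; i++) {
        unsigned char c = (unsigned char)src[i];
        dst[i] = (c < 0x20 || c == 0x7f) ? ' ' : (char)c;
    }
    dst[i] = '\0';
}

/* Build the text to write to the stdin of "sendmail -oi <rcpt>".
 * Returns the message length, or -1 if it does not fit in out. */
int build_alert_mail(char *out, size_t outsz, const char *rcpt,
                     const char *alert_type, const char *detail)
{
    char to[128], body[512], subject[PAGER_SUBJECT_MAX + 1];
    size_t used;
    int n;

    copy_header_safe(to, sizeof to, rcpt);
    copy_header_safe(body, sizeof body, detail);
    copy_header_safe(subject, sizeof subject, alert_type);

    /* Alert type first, then as much detail as still fits in 110 chars. */
    used = strlen(subject);
    if (used + 2 < sizeof subject) {
        subject[used++] = ' ';
        copy_header_safe(subject + used, sizeof subject - used, body);
    }

    n = snprintf(out, outsz,
                 "To: %s\n"
                 "Subject: %s\n"
                 "X-Priority: 1\n"        /* high priority in common mailers */
                 "Importance: High\n"
                 "\n"
                 "%s\n", to, subject, body);
    return (n < 0 || (size_t)n >= outsz) ? -1 : n;
}
```

When handing this to sendmail, pass the recipient as its own argument to an exec-style call rather than formatting it into a shell command string, since alert-derived text in a shell line can be interpreted as commands.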




