[Snort-users] AW: (Snort-users) Feature Request

sandro.poppi at ...3316... sandro.poppi at ...3316...
Mon Sep 24 07:01:07 EDT 2001


> Hi *
>
> I'm testing Snort as a NIDS and I was quite happy until I realized
> that Snort is far away from automation. As you might imagine,
> you won't look at the logs for a whole day and run a SQL query
> against a MySQL DB every minute.
>
> Features to be requested
> - Script startup at a definite level
>   I would like to have the following options:
>   Priority == 3 -> start /usr/snort/scripts/myPrio3Script
>   Priority >= 6 -> start /usr/snort/Scripts/emailalert xyz at ...3570...
>   Priority >= 9 -> start /usr/snort/scripts/emailalert SecurityStaff
>
> emailalert: should inform a special user or a group that you are
> under attack, with some information: SourceIP, DestinationIP, type of
> attack and priority of this event.

This part could be done via swatch. Take a look at the swatch section of
http://www.lug-burghausen.org/projects/index.html#snort-stat.

[snip]

Ciao,
Sandro
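
The priority-to-script dispatch requested in the quoted mail, as an added example that is not part of the original message and is not swatch's or Snort's own code. It assumes alerts are written in Snort's "fast" alert line format and follows the mail's numbering, where a higher priority number is more urgent; `RECIPIENT_PLACEHOLDER`, `parse_alert` and `plan_actions` are names made up for this example.

```python
import re

# Snort "fast" alert line: [**] [gid:sid:rev] msg [**] [Classification] [Priority] {proto} src -> dst
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<sid>[\d:]+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

# (comparison, level, argv prefix), following the thresholds in the quoted mail.
# Script paths are the ones named there; RECIPIENT_PLACEHOLDER stands in for
# the address that is obscured in the archive.
RULES = [
    ("==", 3, ["/usr/snort/scripts/myPrio3Script"]),
    (">=", 6, ["/usr/snort/Scripts/emailalert", "RECIPIENT_PLACEHOLDER"]),
    (">=", 9, ["/usr/snort/scripts/emailalert", "SecurityStaff"]),
]

def parse_alert(line):
    """Return the alert fields as a dict, or None for a non-alert line."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    return alert

def plan_actions(alert):
    """Return one argv list per matching rule; nothing is executed here."""
    details = [alert["src"], alert["dst"], alert["msg"], str(alert["prio"])]
    return [argv + details for op, level, argv in RULES
            if (alert["prio"] == level if op == "==" else alert["prio"] >= level)]

# Constructed sample lines (documentation addresses, made-up rule ids).
SAMPLE = [
    "09/24-07:01:07.000000  [**] [1:1000001:1] Constructed scan alert [**] "
    "[Classification: Attempted Information Leak] [Priority: 3] {ICMP} 192.0.2.77 -> 198.51.100.5",
    "09/24-07:01:09.000000  [**] [1:1000002:1] Constructed; web alert [**] "
    "[Priority: 9] {TCP} 192.0.2.10:1045 -> 198.51.100.5:80",
    "Sep 24 07:01:10 host sshd[123]: unrelated log line",
]

if __name__ == "__main__":
    for line in SAMPLE:
        alert = parse_alert(line)
        for argv in (plan_actions(alert) if alert else []):
            # To run for real: subprocess.run(argv, check=False). Passing a
            # list (no shell) keeps alert text from being parsed as a command.
            print(argv)
```

Under these rules a priority 9 alert triggers both the `>= 6` and the `>= 9` actions, so the two recipients each get a mail.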




