[Snort-users] How to send alerts automaticly by mail

Semerjian, Ohanes Semerjian.Ohanes at ...4899...
Mon Aug 19 17:02:04 EDT 2002


I guess that is one possibility but Roman is using Mysql for logging (which
is better) rather than syslog. I run 8 snort sensors and log also to Mysql
the best way is to write a sql query to extract the alerts u want to be
e-mailed and place then into a file then e-mail it from that box.

If ur knowledge in sql not that great (neither do I )get someone that have
good experience with mysql to write a query for u but u need to explain to
them what u want. I've e-mail alerts get sent to me automatically from all
of the 8 sensors that I'm running.


Best Regards

Ohanes Semerjian

PGP kEY 
6604 2A46 E64F BEBF A4B7  9D01 9E08 399C 9D45 3254


-----Original Message-----
From: Matt Kettler [mailto:mkettler at ...4108...]
Sent: Saturday, 17 August 2002 8:41
To: Roman Anger; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] How to send alerts automaticly by mail


The snort FAQ addresses this directly.

http://www.snort.org/docs/faq.html#5.7

5.7 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--

Q: How do I get snort to e-mail me alerts?

A: Log to syslog and use swatch or logcheck.

At 02:02 PM 8/16/2002 +0200, Roman Anger wrote:
>Hi all,
>
>I´m a newby to snort.
>How can I send automaticly a email to a Admin when a special event occurs?
>
>I´m using snort with mysql and acid.
>
>Thanx in advance
>
>-----------------------------------------
>Network4You
>Gesellschaft für Computernetze
>und Internetanwendungen mbH

>
>Albert-Rosshaupter-Str. 33-35
>81369 München
>
>Roman Anger
>Systemadministrator, Heterogene Netze
>
>TEL:   +49 (89) 741206-48
>
>r.anger at ...6638...
>www.network4you.de
>-----------------------------------------
>
>
>-------------------------------------------------------
>This sf.net email is sponsored by: OSDN - Tired of that same old
>cell phone?  Get a new here for FREE!
>https://www.inphonic.com/r.asp?r___________________________________________
____
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list



-------------------------------------------------------
This sf.net email is sponsored by: OSDN - Tired of that same old
cell phone?  Get a new here for FREE!
https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list