[Snort-users] Snort, Windows 2000 - running external program/script on alert.

Matt Kettler mkettler at ...4108...
Fri Dec 20 11:08:04 EST 2002


Please read the detailed response to this question in the Snort FAQ

regarding external execution:
http://www.snort.org/docs/faq.html#5.9

and regarding email:
http://www.snort.org/docs/faq.html#5.7


In short, snort can't directly execute an external program without opening 
a loophole the size of texas in your IDS (it WILL drop packets for quite a 
long time while trying to exec the external program).

At 12:29 PM 12/20/2002 -0500, Brian Strickland wrote:
>is there a way directly from snort to run an external program when an alert
>is generated or indirectly (reviewing log file or sql database) to run an
>external program when a alert occurs.  Like send an email, pager program,
>etc.
>
>Brian Strickland
>
>
>
>-------------------------------------------------------
>This SF.NET email is sponsored by:  The Best Geek Holiday Gifts!
>Time is running out!  Thinkgeek.com has the coolest gifts for
>your favorite geek.   Let your fingers do the typing.   Visit Now.
>T H I N K G E E K . C O M        http://www.thinkgeek.com/sf/
>_______________________________________________
>Snort-users mailing list
>Snort-users at lists.sourceforge.net
>Go to this URL to change user options or unsubscribe:
>https://lists.sourceforge.net/lists/listinfo/snort-users
>Snort-users list archive:
>http://www.geocrawler.com/redir-sf.php3?list=snort-users





More information about the Snort-users mailing list