[Snort-users] Snort, Windows 2000 - running external program on alert.

Don Don at ...5881...
Fri Dec 20 11:23:03 EST 2002


I'm trying to do something similar: I would like to tail the syslog file
looking for specific keywords and cause an action based on the findings. Do
you know of a prog that can do the likes of the tail -f *nix command in a
win32 environment?
For instance, I have a *nix .pl file that looks for certain messages and can
modify ipf to block offending IPs, yet I haven't found a way to do this on
win32 yet. I haven't found anything that can tail the syslog and look for
'keywords'; the perl file-tail doesn't work in the win32 version of perl, it
requires a specific module that has not been ported to win32. Any other
ideas that anyone might have?

don



> >-----Original Message-----
> >From: snort-users-admin at lists.sourceforge.net
> >[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Hicks, John
> >Sent: Friday, December 20, 2002 9:57 AM
> >To: 'Brian Strickland'; Snort Users (E-mail)
> >Subject: RE: [Snort-users] Snort, Windows 2000 - running external
> >program on alert.
> >
> >
> >IDSCenter has built-in email functionality, but not 'any'
> >program. If you're
> >looking for run x if y is found, try doing it via syslog output.
> >
> >hth,
> >John
> >
> >-----Original Message-----
> >From: Brian Strickland [mailto:brians at ...7821...]
> >Sent: Friday, December 20, 2002 12:35 PM
> >To: 'snort-users at lists.sourceforge.net'
> >Subject: [Snort-users] Snort, Windows 2000 - running external program on
> >alert.
> >
> >
> >Is there a way directly from snort to run an external program
> >when an alert
> >is generated, or indirectly (reviewing log file or sql database) to run an
> >external program when an alert occurs? Like send an email, pager program,
> >etc.
> >
> >Brian Strickland
> >
> >
> >
> >-------------------------------------------------------
> >This SF.NET email is sponsored by:  The Best Geek Holiday Gifts!
> >Time is running out!  Thinkgeek.com has the coolest gifts for
> >your favorite geek.   Let your fingers do the typing.   Visit Now.
> >T H I N K G E E K . C O M        http://www.thinkgeek.com/sf/
> >_______________________________________________
> >Snort-users mailing list
> >Snort-users at lists.sourceforge.net
> >Go to this URL to change user options or unsubscribe:
> >https://lists.sourceforge.net/lists/listinfo/snort-users
> >Snort-users list archive:
> >http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> >
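
The tail-and-react approach discussed in this thread, sketched as an added example in Python (not code from any poster or from Snort), which runs on win32 without a tail port. It assumes Snort's syslog alert lines end in `{PROTO} src[:port] -> dst[:port]`; `read_new`, `match_sources`, `follow` and the `on_match` callback are hypothetical names.

```python
import ipaddress
import re
import time

# Assumed layout of a Snort syslog alert: "...: {TCP} src:port -> dst:port"
ALERT_RE = re.compile(r"\{(?:TCP|UDP|ICMP)\}\s+(\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s+->")

def read_new(path, offset):
    """Return (complete new lines, new offset); restart at 0 if the file shrank."""
    with open(path, "rb") as fh:
        fh.seek(0, 2)
        if fh.tell() < offset:     # file was truncated or rotated
            offset = 0
        fh.seek(offset)
        data = fh.read()
    end = data.rfind(b"\n") + 1    # hold back a partially written last line
    lines = data[:end].decode("utf-8", "replace").splitlines()
    return lines, offset + end

def match_sources(lines, keywords, allowlist=()):
    """Yield (ip, line) for alert lines with a keyword and a valid source IP."""
    for line in lines:
        if not any(k.lower() in line.lower() for k in keywords):
            continue
        m = ALERT_RE.search(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))   # rejects e.g. 999.1.1.1
        except ValueError:
            continue
        if any(ip in ipaddress.ip_network(n) for n in allowlist):
            continue               # never act against your own hosts or gateway
        yield str(ip), line

def follow(path, keywords, on_match, allowlist=(), interval=1.0):
    """Poll the file like tail -f and call on_match(ip, line) for each hit."""
    _, offset = read_new(path, 0)  # start at the current end of the file
    while True:
        lines, offset = read_new(path, offset)
        for ip, line in match_sources(lines, keywords, allowlist):
            on_match(ip, line)
        time.sleep(interval)
```

Alert text is partly attacker-controlled, so `on_match` should hand the validated address to the mailer or firewall tool as a separate argument, never splice the raw log line into a command string.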




