[Snort-users] AW: (Snort-users) Newbie Question..

Edwin Pua edwin1118 at ...125...
Sat Jan 19 00:50:04 EST 2002


Afternoon Sandro,

    i've checked your URL and it's a good reference indeed. but i've fond 
some syntax errors in the snort-check program when i'm testing it. though i 
tried modifying it but i still some errors. do u have the latest one?
    i really wanted to test aprogram that will alert me via email based from 
my snort logs. (im running RH7.2)


# Modified Program:

#!/bin/sh
recipientfile=/etc/snort/recipients

if a recipient file exists
if [ -s "$recipientfile" ] ; then
   # generate the recipientlist with email adresses.
   for i in `cat $recipientfile` ; do
     recipients="$recipients "$i
   done

   echo "$*" | mail -s "Snort-Alert!!!" "$recipients"
fi


  thanx..

edwin

>From: <sandro.poppi at ...3316...>
>To: <edwin1118 at ...125...>
>CC: <snort-users at lists.sourceforge.net>
>Subject: [Snort-users] AW: (Snort-users) Newbie Question..
>Date: Wed, 16 Jan 2002 08:05:00 +0100
>
>Morning Edwin,
>
>This works very well on the same machine without interfering snort. If 
>you're
>monitoring more than one segment or your machine is somehow undersized it 
>may be
>a better way to use a separate pc with those tools and the underlying 
>database
>and make snort log to the remote db.
>
> > Any suggestion?
>
>You might also want to have a look at my HOWTO at www.linuxdoc.org or
>www.lug-burghausen.org/projects/index.html#snort-stat.
>
>Ciao,
>Sandro
> >


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp.





More information about the Snort-users mailing list