[Snort-users] AW: AW: (Snort-users) AW: (Snort-users) Newbie Question..

sandro.poppi at ...3316... sandro.poppi at ...3316...
Tue Jan 22 03:17:04 EST 2002


Edwin,

as you can see in the original snort-check script it's intended to be run from
within swatch. To send the actual /var/log/alert you'll have to use cat/tail or
such (you surely don't want to send the whole file each time) instead of echo
"$*" | mail ...

For exactly that reason I use swatch to send me alerts nearly in realtime (every
minute). snort-check won't send any alerts without being triggered anyhow,
that's where swatch comes into sight (see Configuring swatch in my HOWTO).

If you do see alerts but get no email (and you are using swatch or something
else to trigger snort-check) take a look at your maillog or try root at ...274...
as a recipient.

HTH,
Sandro

>
> Hi Sandro,
>
>    So far there's no error in the program after changing it #!/bin/bash and
> upon compiling it.
>
>    But it doesn't send the actual alert file. I mean, I did a simulation test
> using nmap to alert my snort box. But the snort-check program didn't send
> any email, though I've seen in the snort box using "tail -f
> /var/log/snort/alert" file that there's some port scanning going on.
>
>    What will I edit or add in the snort-check program to email the actual
> alert files of snort in real time once attacks have been detected by the
> snort?
>
>    thanx for ur help.
>
> regards,
> Edwin
>
> >From: <sandro.poppi at ...3316...>
> >To: <edwin1118 at ...125...>
> >CC: <snort-users at lists.sourceforge.net>
> >Subject: AW: (Snort-users) AW: (Snort-users) Newbie Question..
> >Date: Mon, 21 Jan 2002 07:20:00 +0100
> >I checked the modified program on RH 7.0 and 7.2 and it worked without error.
> >The only thing I did was adding a # before the line
> >"if a recipient file exists"
> >
> >Could you please be more specific if the error still exists? Please include the
> >error message and line number. You may take a look on /bin/sh: If it does not
> >point to /bin/bash then this may be the error. Replace #!/bin/sh with
> >#!/bin/bash. I will fix this in the next version to be more specific.
> >
> >Ciao,
> >Sandro
> >
>
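
An added example (not part of the original post and not the snort-check script itself): one way to mail only the alert lines written since the last run instead of the whole file, which is what the reply means by using cat/tail rather than echo "$*". The function names, the state-file path, the default recipient and the `--send` switch are assumptions made for this sketch.

```shell
#!/bin/bash
# Added example: mail only the alert lines appended since the previous run.
# ALERT_FILE, STATE_FILE and RECIPIENT are assumed defaults; adjust to your setup.
ALERT_FILE="${ALERT_FILE:-/var/log/snort/alert}"
STATE_FILE="${STATE_FILE:-/var/run/snort-check.offset}"   # hypothetical path
RECIPIENT="${RECIPIENT:-root}"

# Print the bytes appended to file $1 since the byte offset stored in $2,
# then record the new offset. A file that shrank (rotated or truncated)
# is read again from the start.
new_alerts() {
    local file="$1" state="$2" offset=0 size
    [ -r "$file" ] || return 0
    size=$(wc -c < "$file" | tr -d ' ')
    [ -r "$state" ] && offset=$(cat "$state")
    case "$offset" in ''|*[!0-9]*) offset=0 ;; esac   # ignore a corrupt state file
    [ "$offset" -gt "$size" ] && offset=0             # log was rotated or truncated
    if [ "$size" -gt "$offset" ]; then
        # Read exactly the bytes between the old and new offset, so lines
        # written while we run are picked up next time instead of twice.
        tail -c "+$((offset + 1))" "$file" | head -c "$((size - offset))"
    fi
    printf '%s\n' "$size" > "$state"
}

# Mail the new alerts, if there are any. Meant to be triggered by swatch
# (or cron), since nothing here watches the file on its own.
send_new_alerts() {
    local body
    body=$(new_alerts "$ALERT_FILE" "$STATE_FILE")
    [ -n "$body" ] || return 0
    printf '%s\n' "$body" | mail -s "snort alerts on $(hostname)" "$RECIPIENT"
}

# Only send when asked to, so the functions can also be sourced and tested.
if [ "${1:-}" = "--send" ]; then
    send_new_alerts
fi
```

The rotation check only notices a file that is smaller than the stored offset; if the log is rotated and then grows past the old offset before the next run, remove the state file as part of rotation.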




