[Snort-users] Re: (Snort-users) swatch/snort config
edwin1118 at ...125...
Wed Jan 23 04:35:20 EST 2002
OK, I ran swatch with no error message using --config-file, but I still
can't receive the alert email, though I've been seeing the alerts in the
/var/log/snort/alert file... (it's weird...) Do I need to put the whole
alert path in "/etc/swatch/swatch.conf"?
Here is my current config.
#I put my snort-check program and recipient file under
#/usr/local/src/snort-1.8.., since I compiled snort under /usr/local/src/
(no error here whenever I run the program manually; it sends me an email)
#here's my current swatch config
mail=edwin at ...4648... #just testing this line
### running both swatch and snort ###
Then I run swatch first, before the snort program:
]swatch --config-file /etc/swatch/swatch.conf
]./snort -b -A fast -c snort.conf
Then I did a simulation test via port scanning against my snort box to
create alert files, and I saw the real-time alert logs on my snort box using
"tail -f /var/log/snort/alert", but I wasn't able to receive any email based
on my swatch.conf. What else do I need to check?
Thanks in advance...
>From: <sandro.poppi at ...3316...>
> > but I got an error message when I tried to run /usr/bin/swatch.
> > swatch: cannot read /root/.swatchrc
> > swatch: using default configuration of:
> > watchfor = /.*/
> > echo = random
>You should use the command line option --config-file.
>Take a look at the snortd script I wrote.
> > btw, what is the purpose of swatch_old2newrc? Is this the
> > program that
> > runs the swatch.conf?