[Snort-users] How to enable mail notication?

Michael Aylor maylor at ...1991...
Wed Jan 23 15:49:04 EST 2002


This is fantastic, been meaning to figure out how to do this...

Can you provide a glimpse of what your syslog.conf file looks like?  


Mike

-----Original Message-----
From: Glenn E. Bailey III [mailto:gbailey at ...4424...]
Sent: Wednesday, January 23, 2002 9:58 AM
To: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] How to enable mail notication?


Here is a quick and really dirty script I run, you have
to set up snort to log via syslog and set up syslog to log
snort alerts to a separate file .. Only good if you have
a small site really, and like I said, it's dirty:

#!/usr/bin/perl

use strict;
use warnings;

my $snort_log     = '/var/log/snort.log';        # location of snort.log generated by syslog
my $snort_log_old = '/var/log/snort/old/snort';  # path to dir where to store old logs
my $notify_log    = '/var/log/snort/notify.log'; # path to log where to log notifications
my $email         = 'youremail at ...4651...';    # guess what this is ;-)

# Nothing to do if the log is missing or unreadable
open(SNORT_LOG, '<', $snort_log) or exit();

# No first line means no alerts since the last run
if (! <SNORT_LOG>) {
        close SNORT_LOG;
        exit();
        }

else {
        close SNORT_LOG;

        # Mail the whole log as the message body (options before the address)
        system("mail -s \"Snort alert\" $email < $snort_log");

        # Record that a notification went out
        if (open(NOTIFY, '>>', $notify_log)) {
                my $localtime = localtime();
                print NOTIFY "$localtime - Alert sent to $email\n";
                close NOTIFY;
                }

        # Archive the log under a timestamped name, then make syslogd reopen it
        my $time = time();
        system("mv $snort_log $snort_log_old.$time");
        system("kill -HUP `cat /var/run/syslogd.pid`");
        exit();
        }

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net]On Behalf Of Erek Adams
Sent: Wednesday, January 23, 2002 9:50 AM
To: My Security
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] How to enable mail notication?


On Wed, 23 Jan 2002, My Security wrote:

> I would like to enable sending mail if there is alert
> on my email address.
>
> How will I be able to configure this option to the
> snort.conf.

You can't.

http://www.snort.org/docs/faq.html#5.7

Also read the users manual from the Documentation page.  The rest of the FAQ
won't hurt either....

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
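
A variant of the rotate-and-mail step from the quoted script, as an added example that is not part of the original thread: it renames the log and signals syslogd before mailing, so alerts that arrive while the mail is being sent are not archived unsent. The function name, the `local1` facility, the two config lines in the comments and the address in the usage comment are assumptions, not taken from the posts.

```shell
#!/bin/sh
# Assumed setup (not from the thread), so that alerts land in /var/log/snort.log:
#   snort.conf:   output alert_syslog: LOG_LOCAL1 LOG_ALERT
#   syslog.conf:  local1.*    /var/log/snort.log

# rotate_and_notify LOG ARCHIVE_PREFIX SYSLOGD_PIDFILE SEND_CMD [ARGS...]
# Renames LOG, makes syslogd reopen it, then feeds the renamed file to
# SEND_CMD on stdin. Mailing only after the rename means alerts written while
# the mail is being sent go to the fresh log and are picked up by the next run.
# Prints the archive path. Returns 1 if there is nothing to send, 2 if the
# rename fails, 3 if SEND_CMD fails (the archive is kept in that case).
rotate_and_notify() {
    log=$1; prefix=$2; pidfile=$3; shift 3
    [ -s "$log" ] || return 1
    archive="$prefix.$(date +%s)"
    mv -- "$log" "$archive" || return 2
    # syslogd keeps writing to the renamed file until it handles SIGHUP
    if [ -r "$pidfile" ] && kill -HUP "$(cat "$pidfile")" 2>/dev/null; then
        sleep 1   # give syslogd a moment to reopen the log
    fi
    "$@" < "$archive" || return 3
    printf '%s\n' "$archive"
}

# Real use, e.g. at the end of this script when run from cron
# (the address is a placeholder):
#   rotate_and_notify /var/log/snort.log /var/log/snort/old/snort \
#       /var/run/syslogd.pid mail -s "Snort alert" admin@example.org

# Demo on constructed data: one fake alert line, no pid file, "wc -l" as sender.
demo=$(mktemp -d)
printf '%s\n' 'Jan 23 09:50:01 ids snort: constructed sample alert' > "$demo/snort.log"
rotate_and_notify "$demo/snort.log" "$demo/old" "$demo/none.pid" wc -l
rm -rf "$demo"
```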

