[Snort-users] Email alerts for ACID + LogSentry

Graham Cooper gcooper at ...6246...
Sat Jul 6 17:22:13 EDT 2002


Hi guys,

Still stuck here !!

I have installed LogSentry successfully, but I still can't get my alerts
to be sent via email !!!

I have Snort logging successfully to MySQL/Acid, but cannot seem to get
Snort to log to a file which Logsentry will recognise.

For example, Snort seems to be logging to "Snort-XXXXX.log" - this log
file name changes every time Snort starts so I cannot define it in
Logsentry.sh (config file).

Is this log file just meant to be called "snort.log" - that's what I
have picked up from the various documentation on the web ?? but I cannot
see where to change this.

Also - is there further configuration needed for Log Sentry ?

A lot of questions I know, but I'm pulling my hair out here trying to
make sense of the various docs on the web :)

Hopefully someone can shed some light ???

Many thanks in advance.

Graham Cooper
Servecast



-----Original Message-----
From: Poppi, Sandro [mailto:Sandro.Poppi at ...3316...]
Sent: 05 July 2002 15:23
To: Graham Cooper; Hicks, John; snort-users at lists.sourceforge.net
Subject: AW: [Snort-users] Email alerts for ACID


Hi,

I use Mandrake's packages. You might take a look at my HOWTO at
http://www.lug-burghausen.org/projects/index.html#snort-stat

HTH,
Sandro
> 
> Hi All,
> 
> I have tried setting up Swatch to send alerts from my log files, but am
> having dependency problems with the "perl-File-Tail-xx" file, i.e. I
> cannot find a suitable RPM/Source for the Redhat 7.2 distro.
> 
> This is relating to installing Swatch to send Snort alerts via email.
> Can anyone help ?
> 
> Many Thanks in advance.
> 
> Regards,
> 
> Graham Cooper
> Servecast.
> 
> 
> 
> -----Original Message-----
> From: Hicks, John [mailto:JHicks at ...5857...]
> Sent: 04 July 2002 16:49
> To: Graham Cooper; snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Email alerts for ACID
> 
> 
> All you need to do is make the PHP see a valid SMTP server. This server
> doesn't have to be local, just a useable one. ACID info is avail in the
> FAQ here: http://www.andrew.cmu.edu/~rdanyliw/snort/acid_faq.html#faq_b11
> 
> The following lines are to be set up in c:\winnt\php.ini (default
> location):
> 
> 	[mail function]
> 	; For Win32 only.
> 	SMTP =  [IPADDRESS] ; for Win32 only
> 
> 	; For Win32 only.
> 	sendmail_from =  root at ...274... ; for Win32 only
> 
> 	; For Unix only.  You may supply arguments as well (default: 'sendmail -t -i').
> 	;sendmail_path =
> 
> Obviously, this is setup for Win32 SMTP. I'm not too sure where this file is
> in *nix, but it's there somewhere.
> 
> HTH,
> 
> John Hicks
> 
> -----Original Message-----
> From: Graham Cooper [mailto:gcooper at ...6246...]
> Sent: Thursday, July 04, 2002 5:49 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Email alerts for ACID
> 
> 
> Hi There,
> 
> I am trying to set up email alerting for alerts that are logged from
> Snort to MySQL/ACID (on RedHat 7.2).
> 
> Do I need to set up Sendmail on the Linux box to send the email alerts?
> Also, is there configuration required in PHP?
> 
> I can't seem to find any info on this - can anyone point me in the right
> direction ?
> 
> Regards,
> 
> Graham Cooper
> Servecast
> 
> 
> 
> 
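
An added example, not part of any message in this thread: a Python check of the `[mail function]` block John Hicks quotes, reporting which mail transport PHP would use on Win32 or Unix and which settings are still missing. The sample php.ini text, the address 192.0.2.25, the sender address and the function names are constructed for illustration.

```python
import configparser
import shlex

DEFAULT_SENDMAIL = "sendmail -t -i"  # Unix default quoted in the php.ini comment

# Constructed samples; 192.0.2.25 and alerts@example.org are placeholders.
SAMPLE_WIN32 = """[mail function]
; For Win32 only.
SMTP = 192.0.2.25 ; for Win32 only
sendmail_from = alerts@example.org ; for Win32 only
; For Unix only.
;sendmail_path =
"""
SAMPLE_UNIX = """[mail function]
SMTP = localhost
;sendmail_from =
;sendmail_path =
"""
SAMPLE_TEMPLATE = """[mail function]
SMTP =  [IPADDRESS] ; for Win32 only
"""

def mail_settings(ini_text):
    """Return the [mail function] keys of a php.ini, lower-cased."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True,
                                   inline_comment_prefixes=(";",))
    cp.read_string(ini_text)
    if not cp.has_section("mail function"):
        return {}
    return {k: (v or "").strip().strip('"')
            for k, v in cp.items("mail function")}

def check_mail_config(ini_text, platform):
    """Return (transport, problems) for platform 'win32' or 'unix'."""
    cfg, problems = mail_settings(ini_text), []
    if platform == "win32":
        host = cfg.get("smtp", "")
        if not host or host.startswith("["):  # unfilled [IPADDRESS] template
            problems.append("SMTP must name a usable mail server")
        if not cfg.get("sendmail_from"):
            problems.append("sendmail_from is not set")
        return "smtp:" + host, problems
    # Unix: a commented-out sendmail_path means the default command is used.
    cmd = cfg.get("sendmail_path") or DEFAULT_SENDMAIL
    if "-t" not in shlex.split(cmd)[1:]:  # -t: take recipients from headers
        problems.append("sendmail_path lacks -t")
    return cmd, problems
```
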
