[Snort-users] Email alerts for ACID

Semerjian, Ohanes Semerjian.Ohanes at ...4899...
Sun Jul 7 20:35:01 EDT 2002


G'day All,

Since this subject is on the table, here is my question and hope someone
could assist. I'm logging Snort alerts to Mysql and using ACID also, what
trying to achieve is to get the alerts to my mailbox then I'll investigate
the alerts of interest (not using swatch, coz I don't wana log twice)rather
me spending time checking the ACID everyday.



Best Regards

Ohanes Semerjian


-----Original Message-----
From: Poppi, Sandro [mailto:Sandro.Poppi at ...3316...]
Sent: Saturday, 6 July 2002 0:23
To: 'Graham Cooper'; Hicks, John; snort-users at lists.sourceforge.net
Subject: AW: [Snort-users] Email alerts for ACID


Hi,

I use Mandrake's packages. You might take a look on my HOWTO at
http://www.lug-burghausen.org/projects/index.html#snort-stat

HTH,
Sandro
> 
> Hi All,
> 
> I have tried setting up Swatch to send alerts from my log 
> files, but am
> having dependency problems with the "perl-File-Tail-xx" file, i.e. I
> cannot find a suitable RPM/Source for the Redhat 7.2 distro.
> 
> This is relating to installing Swatch to send Snort alerts via email.
> Can anyone help ?
> 
> Many Thanks in advance.
> 
> Regards,
> 
> Graham Cooper
> Servecast.
> 
> 
> 
> -----Original Message-----
> From: Hicks, John [mailto:JHicks at ...5857...]
> Sent: 04 July 2002 16:49
> To: Graham Cooper; snort-users at lists.sourceforge.net
> Subject: RE: [Snort-users] Email alerts for ACID
> 
> 
> All you need to do is make the PHP see a valid SMTP server. 
> THis server
> doesn't have to be local, just a useable one. ACID info is 
> avail iin the
> FAQ
> here: http://www.andrew.cmu.edu/~rdanyliw/snort/acid_faq.html#faq_b11
> 
> The following lines are to be set up in c:\winnt\php.ini (default
> location):
> 
> 	[mail function]
> 	; For Win32 only.
> 	SMTP =  [IPADDRESS] ; for Win32 only
> 
> 	; For Win32 only.
> 	sendmail_from =  root at ...274... ; for Win32 only
> 
> 	; For Unix only.  You may supply arguments as well (default:
> 'sendmail -t -i').
> 	;sendmail_path =
> 
> Obviously, this is setup for Win32 SMTP. I'm not to sure when 
> this file
> is
> in *nix, but it's there somewhere.
> 
> HTH,
> 
> John Hicks
> 
> -----Original Message-----
> From: Graham Cooper [mailto:gcooper at ...6246...]
> Sent: Thursday, July 04, 2002 5:49 AM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Email alerts for ACID
> 
> 
> Hi There,
> 
> I am trying to set up email alerting for alerts that are logged from
> Snort to MySQL/ACID (on RedHat 7.2).
> 
> Do I need to set up Sendmail on the Linux box to send the email alerts
> ?, also is there configuration required in PHP ?
> 
> I can't seem to find any info on this - can anyone point me 
> in the right
> direction ?
> 
> Regards,
> 
> Graham Cooper
> Servecast
> 
> 
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.372 / Virus Database: 207 - Release Date: 20/06/2002
>  
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Caffeinated soap. No kidding.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 
> ---
> Incoming mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.372 / Virus Database: 207 - Release Date: 20/06/2002
>  
> 
> ---
> Outgoing mail is certified Virus Free.
> Checked by AVG anti-virus system (http://www.grisoft.com).
> Version: 6.0.372 / Virus Database: 207 - Release Date: 20/06/2002
>  
> 
> 
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Bringing you mounds of caffeinated joy.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> 


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Bringing you mounds of caffeinated joy.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list