[Snort-users] Email alerts for ACID

Erek Adams erek at ...577...
Sun Jul 7 21:29:02 EDT 2002


On Mon, 8 Jul 2002, Semerjian, Ohanes wrote:

> Since this subject is on the table, here is my question and hope someone
> could assist. I'm logging Snort alerts to Mysql and using ACID also, what
> trying to achieve is to get the alerts to my mailbox then I'll investigate
> the alerts of interest (not using swatch, coz I don't wana log twice)rather
> me spending time checking the ACID everyday.

Unless something has radically changed in ACID, it does _not_ have the
function you are after.  Yes, it does have an 'Email Alerts' function, but
that just simply sends the alert onscreen as an email to an address.

You might want to consider is to use swatch to watch your alert file and not
your syslog.  You'll have to tweak the swatch.conf file, but it shouldn't be
too evil.  IIRC, somewhere in the snort-users archives, there is a snippet of
a swatch script to do just that.

I might be wrong on all this--I don't have an ACID server up and going right
now.  *sigh* Just one more reason I _really_ need to get my testlab back up
and working at full steam again....

Hope that helps some!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list