[Snort-users] Email alerts for ACID

Graham Cooper gcooper at ...6246...
Mon Jul 8 06:05:10 EDT 2002


Hi Erek,

After much investigation (and frustration with Logwatch!!) I have
gotten a feasible solution to work with Snort/ACID which will email me
alerts on preconfigured parameters outlined in Logsentry
(www.psionic.com).

I have configured Logsentry to monitor the log files based on certain
parameters (which, incidentally, I configured through Webmin's Logsentry
module).

Logsentry then sends the alerts to Sendmail and on to my own mail
server.  The configuration for the destination email address and mail
server exe are in Logsentry.sh.

Rgds,

Graham Cooper
Servecast


-----Original Message-----
From: Erek Adams [mailto:erek at ...577...]
Sent: 08 July 2002 05:28
To: Semerjian, Ohanes
Cc: 'Poppi, Sandro'; Graham Cooper; Hicks, John;
snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] Email alerts for ACID


On Mon, 8 Jul 2002, Semerjian, Ohanes wrote:

> Since this subject is on the table, here is my question and hope someone
> could assist. I'm logging Snort alerts to MySQL and using ACID also; what
> I'm trying to achieve is to get the alerts to my mailbox, then I'll
> investigate the alerts of interest (not using swatch, 'cause I don't wanna
> log twice) rather than me spending time checking ACID every day.

Unless something has radically changed in ACID, it does _not_ have the
function you are after.  Yes, it does have an 'Email Alerts' function, but
that just simply sends the alert onscreen as an email to an address.

What you might want to consider is using swatch to watch your alert file
and not your syslog.  You'll have to tweak the swatch.conf file, but it
shouldn't be too evil.  IIRC, somewhere in the snort-users archives, there
is a snippet of a swatch script to do just that.

I might be wrong on all this--I don't have an ACID server up and going
right now.  *sigh* Just one more reason I _really_ need to get my testlab
back up and working at full steam again....

Hope that helps some!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
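To make Erek's suggestion concrete (watch Snort's alert file rather than syslog, pick out the alerts you care about, and mail them), here is an added example in Python. It is not code from the original thread, nor from Snort, swatch, ACID or Logsentry. It assumes Snort is writing one-line alerts in the alert_fast format (`output alert_fast: alert` in snort.conf); the sample lines, their SIDs and messages are constructed for illustration, and the sender/recipient addresses are placeholders. Selection is done the way a swatch `watchfor` stanza would do it (by priority or by a regex on the message), duplicates of the same signature from the same source are collapsed the way swatch's `throttle` would, and the message is handed to the local MTA on port 25, which is what Graham's Logsentry/sendmail setup does.

```python
import re
import smtplib
from email.message import EmailMessage

# Constructed sample lines in Snort's alert_fast format (SIDs and messages
# are illustrative, not taken from the original post).
SAMPLE_ALERTS = """\
07/08-05:12:31.101337 [**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.45:3072 -> 198.51.100.10:80
07/08-05:12:44.220011 [**] [1:469:1] ICMP PING NMAP [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 192.0.2.45 -> 198.51.100.10
07/08-05:13:02.000912 [**] [1:1201:7] ATTACK-RESPONSES 403 Forbidden [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 198.51.100.10:80 -> 192.0.2.45:3072
07/08-05:14:10.500000 [**] [1:2003:2] MS-SQL Worm propagation attempt [**] [Classification: Misc Attack] [Priority: 2] {UDP} 203.0.113.7:1434 -> 198.51.100.20:1434
07/08-05:15:55.331000 [**] [1:1390:5] SHELLCODE x86 inc ebx NOOP [**] [Classification: Executable code was detected] [Priority: 1] {TCP} 203.0.113.7:4444 -> 198.51.100.20:80
07/08-05:16:20.000100 [**] [1:1256:7] WEB-IIS CodeRed v2 root.exe access [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 192.0.2.45:3099 -> 198.51.100.10:80
"""

# One alert_fast line: timestamp, [gid:sid:rev], message, optional
# classification, priority, protocol, src[:port] -> dst[:port].
# ICMP alerts carry no ports, so the port groups are optional.
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) \[\*\*\] "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) \[\*\*\] "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?"
    r"\[Priority: (?P<prio>\d+)\] "
    r"\{(?P<proto>\w+)\} "
    r"(?P<src>[\d.]+)(?::(?P<sport>\d+))? -> (?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)


def parse_alert(line):
    """Return a dict for one alert_fast line, or None if it does not parse."""
    m = ALERT_RE.match(line.strip())
    if m is None:
        return None
    a = m.groupdict()
    a["priority"] = int(a.pop("prio"))
    a["sid"] = int(a["sid"])
    return a


def select_alerts(lines, max_priority=1, watch_patterns=()):
    """Keep alerts worth mailing: priority <= max_priority (1 is the most
    severe in Snort) or a message matching any of the watch patterns.
    This is the equivalent of swatch 'watchfor' stanzas."""
    pats = [re.compile(p, re.IGNORECASE) for p in watch_patterns]
    keep = []
    for line in lines:
        a = parse_alert(line)
        if a is None:
            continue  # blank line or a format we do not understand
        if a["priority"] <= max_priority or any(p.search(a["msg"]) for p in pats):
            keep.append(a)
    return keep


def dedupe(alerts):
    """Collapse repeats of the same signature from the same source so one
    noisy host does not produce one email per packet (cf. swatch 'throttle')."""
    seen, out = set(), []
    for a in alerts:
        key = (a["sid"], a["src"])
        if key not in seen:
            seen.add(key)
            out.append(a)
    return out


def build_email(alerts, sender, recipient, subject_prefix="[snort]"):
    """Build one digest message for a batch of selected alerts."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    worst = min(a["priority"] for a in alerts)
    msg["Subject"] = f"{subject_prefix} {len(alerts)} alert(s), worst priority {worst}"
    body = "\n".join(
        f"{a['ts']} prio {a['priority']} sid {a['sid']} {a['msg']} "
        f"{a['proto']} {a['src']} -> {a['dst']}"
        for a in alerts
    )
    msg.set_content(body)
    return msg


def send_via_local_mta(msg, host="localhost", port=25):
    """Hand the message to the local sendmail/MTA, as Logsentry does."""
    with smtplib.SMTP(host, port) as smtp:
        smtp.send_message(msg)


if __name__ == "__main__":
    # Dry run over the constructed sample; point 'lines' at a tail of
    # /var/log/snort/alert to run it for real and call send_via_local_mta().
    chosen = dedupe(select_alerts(SAMPLE_ALERTS.splitlines(), 1, ("worm",)))
    print(build_email(chosen, "snort@sensor.example", "admin@example.net"))
```

Running it over the constructed sample selects the two priority-1 alerts, the worm alert matched by pattern, and the repeated CodeRed hit, and `dedupe` then drops the repeat so three alerts go into one message. Because the script reads the alert file and not syslog, nothing is logged twice, which was Ohanes's objection to the swatch-on-syslog route.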

