[Snort-users] Email alert and porscan.log on a daily basis

matt mkettler at ...4108...
Sat Jun 1 12:34:48 EDT 2002


Personally I have a small script in my daily cron that emails me the 
logfiles and then rotates them.

My script is quick, dirty, and might not work for you, but the basic 
crux of the script is below (and yes, I've modified my email address 
to an invalid one in case someone is foolish enough to not change it :)
-----------------------------

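SNORTLOGS=/var/log/snort

# Mail the current alert and portscan logs
mail -s "Snort: Alerts" mkettler_snort at ...4108... < "${SNORTLOGS}/alert"
mail -s "Snort: Portscans Summary" mkettler_snort at ...4108... < "${SNORTLOGS}/log"

# Rotate the alert file, keeping two old generations
# (-f: no error when alert.2 does not exist yet)
rm -f "${SNORTLOGS}/alert.2"
mv "${SNORTLOGS}/alert.1" "${SNORTLOGS}/alert.2"
mv "${SNORTLOGS}/alert" "${SNORTLOGS}/alert.1"

# Rotate the portscan log the same way
rm -f "${SNORTLOGS}/log.2"
mv "${SNORTLOGS}/log.1" "${SNORTLOGS}/log.2"
mv "${SNORTLOGS}/log" "${SNORTLOGS}/log.1"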


At 03:52 PM 5/31/2002 -1000, JEFF Collins wrote:
>I would like to setup SNORT to email the alert and portscan information 
>for each day, on a daily basis to multiple recipients.  Does anyone have 
>recommendations on a good way to go about doing this?
>
>Thanks,
>
>Jeff
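
Added example (not part of either poster's message): a variant of the script above that covers the multiple-recipient request, skips empty logs, leaves the logs unrotated when delivery fails, and signals Snort after rotating. The recipient addresses, the pid file path, the KEEP and MAILER variables and the --run argument are assumptions; the log file names follow the script above.

```shell
#!/bin/sh
# Added example, not the poster's script. Recipient addresses, the pid file
# path and the "--run" argument are assumptions made for illustration.
SNORTLOGS=${SNORTLOGS:-/var/log/snort}
RECIPIENTS=${RECIPIENTS:-"ids-admin@example.invalid soc@example.invalid"}
KEEP=${KEEP:-2}                              # rotated generations to keep
MAILER=${MAILER:-mail}                       # overridable for testing
SNORT_PID=${SNORT_PID:-/var/run/snort.pid}   # assumed pid file location

# mail_log SUBJECT FILE: send FILE to every recipient; skip empty/missing files.
mail_log() {
    [ -s "$2" ] || return 0
    # $RECIPIENTS is intentionally unquoted: one argument per address.
    $MAILER -s "$1" $RECIPIENTS < "$2"
}

# rotate_log FILE: drop FILE.$KEEP, shift FILE.n to FILE.n+1, FILE to FILE.1.
rotate_log() {
    f=$1
    i=$KEEP
    rm -f "$f.$i"
    while [ "$i" -gt 1 ]; do
        prev=$((i - 1))
        if [ -e "$f.$prev" ]; then mv "$f.$prev" "$f.$i"; fi
        i=$prev
    done
    if [ -e "$f" ]; then mv "$f" "$f.1"; fi
}

daily_report() {
    # If delivery fails, stop before rotating so the next run resends the logs.
    mail_log "Snort: Alerts" "$SNORTLOGS/alert" || return 1
    mail_log "Snort: Portscans Summary" "$SNORTLOGS/log" || return 1
    rotate_log "$SNORTLOGS/alert"
    rotate_log "$SNORTLOGS/log"
    # A running Snort that holds these files open keeps writing to the
    # renamed ones. Assumption: this build restarts on SIGHUP and reopens them.
    if [ -r "$SNORT_PID" ]; then kill -HUP "$(cat "$SNORT_PID")"; fi
}

# Cron calls the script with --run; without it only the functions are defined.
if [ "${1:-}" = "--run" ]; then daily_report; fi
```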




