[Snort-users] Alerts

Ed Spick es at ...5490...
Fri Jun 14 00:44:02 EDT 2002


We're using Swatch (it's free!) to tail the syslog. Currently it mails us any priority 1 alerts,
but you can use regex to build up more complex watchfor commands; the docs suggest
you can get it to send you pages too. Haven't seen anything to watch db tables, which is
a better idea than having to write to syslog just so you can filter for alerts in realtime. You
can read about swatch and snortsnarf in the snort-statistics-how-to/configuration on
linuxsecurity.com - although the swatch documentation is a bit patchy - best go to
http://www.stanford.edu/~atkins/swatch for the lowdown. You'll need to add a few perl
mods too if you want to use swatch.
cheers ed
> 
> Demarc (Costs money) is one solution, their 1.6 product has some nice
> email features, you can now send the payload of the pack as part of the
> message which is really nice.
> 
> Ian
> 
> On Sat, 8 Jun 2002, Darren Young wrote:
> 
> > What tools are there to take snort alerts and forward them out as an email
> > alert? Right now I have 2 sensors reporting to a MySQL database. Additionally
> > I have syslog configured on the sensors to forward messages to my loghost.
> > What are the options? Any tools that could perhaps watch a table in the
> > database or watch syslog then 'intelligently' send out alerts via email or a
> > SNPP or something?
> >
> > I'd really like to know what other people have done to get these alerts to
> > their pager or cell phone...
> >
> > Thanks,
> >
> > Darren Young
> > darren at ...6023...
> >
> > _______________________________________________
> > Snort-users mailing list
> > Snort-users at lists.sourceforge.net
> > Go to this URL to change user options or unsubscribe:
> > https://lists.sourceforge.net/lists/listinfo/snort-users
> > Snort-users list archive:
> > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> >
> 
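
The syslog-watching approach described in the reply above, as an added Python example that is not part of the original thread and is not Swatch's own code: it parses Snort alert lines, keeps priority 1, and builds one e-mail per sensor and rule. The syslog line layout, the addresses and the sample lines are assumptions constructed for illustration.

```python
import re
from email.message import EmailMessage

# Assumed Snort syslog layout (the thread does not show one):
# <date> <host> snort: [gid:sid:rev] <msg> [Classification: c] [Priority: n]: {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) snort(?:\[\d+\])?: "
    r"\[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: [^\]]*\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>\w+)\} (?P<src>\S+) -> (?P<dst>\S+)")

def parse_alert(line):
    """Return the alert fields as a dict, or None for non-Snort/malformed lines."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    return alert

def build_mails(lines, max_prio=1, sender="snort@loghost.example", rcpt="oncall@example.org"):
    """One EmailMessage per (sensor, rule) for alerts with priority <= max_prio,
    so a rule that fires repeatedly produces a single mail with a hit count."""
    groups = {}
    for line in lines:
        a = parse_alert(line)
        if a and a["prio"] <= max_prio:
            groups.setdefault((a["host"], a["sid"]), []).append(a)
    mails = []
    for (host, sid), hits in groups.items():
        msg = EmailMessage()
        msg["From"], msg["To"] = sender, rcpt
        subject = f"[snort P{hits[0]['prio']}] {host} {sid} {hits[0]['msg']} (x{len(hits)})"
        # Syslog input is untrusted: keep CR/LF out of the header.
        msg["Subject"] = re.sub(r"[\r\n]+", " ", subject)
        msg.set_content("\n".join(
            f"{h['ts']} {h['proto']} {h['src']} -> {h['dst']}" for h in hits))
        mails.append(msg)
    return mails

# Constructed sample lines, not taken from the thread.
SAMPLE = [
    "Jun 14 00:40:01 sensor1 snort: [1:1002:5] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 10.0.0.5:1234 -> 192.168.1.10:80",
    "Jun 14 00:40:03 sensor1 snort: [1:1002:5] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 10.0.0.9:4021 -> 192.168.1.10:80",
    "Jun 14 00:40:05 sensor2 snort: [1:384:4] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 10.0.0.7 -> 192.168.1.1",
    "Jun 14 00:40:09 sensor2 sshd[311]: Accepted password for ops from 10.0.0.2 port 1022",
    "Jun 14 00:40:12 sensor2 snort: [1:1000001:1] LOCAL admin share access [Priority: 1]: {TCP} 10.0.0.7:1101 -> 192.168.1.20:445",
]
```

Each returned message can be handed to `smtplib.SMTP.send_message`; raising `max_prio` widens the set of alerts that are mailed.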
