[Snort-users] realtime reporting tool

Ronneil Camara ronneilc at ...4042...
Thu Mar 28 11:35:18 EST 2002


> -----Original Message-----
> From: Matt Kettler [mailto:mkettler at ...4108...]
> Sent: Thursday, March 28, 2002 12:25 PM
> To: Ronneil Camara; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] realtime reporting tool
> 
> 
> Could you be a bit more specific about what you need, and why acid,
> snortsnarf and demarc are not suited? Based on your question it's pretty
> hard to come up with an idea of what you really need.

Sorry for not being so detailed. The reason I posted is that I want to evaluate
other reporting tools. 

> 
> If you need some kind of realtime "send me an email if this alert goes
> off", I'd suggest getting a log watcher, as per the snort FAQ:
> 
> 5.7 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
> 
> Q: How do I get snort to e-mail me alerts?
> A: Log to syslog and use swatch or logcheck.

Yeah, I have been using swatch and I like it. I have a question, though.
Is there a way we can automate the creation of the swatchrc file? I can
actually create a Perl or sh script to do this, but I was hoping that there
is already one that does it for swatch.

Thanks.

Neil



