[Snort-users] realtime reporting tool
ronneilc at ...4042...
Thu Mar 28 11:35:18 EST 2002
> -----Original Message-----
> From: Matt Kettler [mailto:mkettler at ...4108...]
> Sent: Thursday, March 28, 2002 12:25 PM
> To: Ronneil Camara; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] realtime reporting tool
> Could you be a bit more specific about what you need, and why acid,
> snortsnarf and demarc are not suited? Based on your question it's pretty
> hard to come up with an idea of what you really need.
Sorry for not being so detailed. The reason I posted is that I want to evaluate
other reporting tools.
> If you need some kind of realtime "send me an email if this alert goes
> off", I'd suggest getting a log watcher, as per the snort FAQ:
> 5.7 --faq-- --snort-- --faq-- --snort-- --faq-- --snort-- --faq--
> Q: How do I get snort to e-mail me alerts?
> A: Log to syslog and use swatch or logcheck.
Yeah, I have been using swatch and I like it. I've got a question, though.
Is there a way we can automate the creation of a swatchrc file? I can
actually create a perl or sh script to do this, but I was hoping that there
is already one that does it for swatch.
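
Added example (not part of the original message, and not an existing swatch or Snort tool): one way to generate swatchrc entries from Snort rule files, emitting a `watchfor` block with `echo` and `mail` actions for each rule whose classtype is in a routing table. The sample rules, the `ROUTES` table, the mailbox names and the space-free subject format are assumptions made for illustration.

```python
import re

# Constructed sample rules in Snort rule syntax (not taken from the thread).
SAMPLE_RULES = r'''
alert tcp $EXTERNAL_NET any -> $HTTP_SERVERS 80 (msg:"WEB-IIS cmd.exe access"; content:"cmd.exe"; nocase; classtype:web-application-attack; sid:1000001; rev:2;)
alert icmp $EXTERNAL_NET any -> $HOME_NET any (msg:"ICMP PING NMAP"; dsize:0; itype:8; classtype:attempted-recon; sid:1000002; rev:1;)
# alert tcp any any -> any 23 (msg:"TELNET disabled rule"; classtype:attempted-admin; sid:1000003;)
alert tcp $EXTERNAL_NET any -> $HOME_NET 21 (msg:"FTP site exec (format)"; content:"site exec"; classtype:attempted-admin; sid:1000004;)
'''

# Hypothetical routing table: classtype -> local mailboxes to notify.
ROUTES = {"web-application-attack": ["root"], "attempted-admin": ["root", "secadmin"]}

MSG_RE = re.compile(r'msg\s*:\s*"((?:[^"\\]|\\.)*)"')
CLASS_RE = re.compile(r'classtype\s*:\s*([\w-]+)\s*;')

def perl_quote(text):
    """Escape every non-word character, as Perl's quotemeta does, so the
    alert text is matched literally inside swatch's /regex/."""
    return re.sub(r"([^A-Za-z0-9_])", r"\\\1", text)

def build_swatchrc(rules_text, routes):
    """Return swatchrc text with one watchfor block per routed rule message."""
    seen, out = set(), []
    for line in rules_text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):      # skip blanks and disabled rules
            continue
        msg, cls = MSG_RE.search(line), CLASS_RE.search(line)
        if not (msg and cls) or cls.group(1) not in routes:
            continue
        text = re.sub(r"\\(.)", r"\1", msg.group(1))  # undo escapes used inside msg
        if text in seen:                              # one block per distinct message
            continue
        seen.add(text)
        # Subject kept free of spaces and commas so it cannot split the option list.
        subject = "snort-" + re.sub(r"[^A-Za-z0-9]+", "_", text).strip("_")
        out += [f"watchfor /snort.*{perl_quote(text)}/",
                "\techo bold",
                f"\tmail addresses={':'.join(routes[cls.group(1)])},subject={subject}",
                ""]
    return "\n".join(out)

if __name__ == "__main__":
    print(build_swatchrc(SAMPLE_RULES, ROUTES))
```

Rerunning the generator after each rule update keeps the swatchrc in step with the rule set; the output is meant to be reviewed before it replaces a live configuration.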