[Snort-users] RE: Alerting Snort (sending alert through pager)
alrayworld at ...131...
Mon May 6 05:19:01 EDT 2002
I'm using Red Hat 7.0 on my Snort box, but the logging facilities that I set up were MySQL and binary. All alerts are logged to MySQL on another Linux box which is internal (intranet). The binary log is written on the Snort box to /var/log/snort.
Is it possible to have a third logging option, like syslog?
Your quick response will be highly appreciated.
Thanks in advance.
--- "Wirth, Jeff" <WirthJe at ...4876...> wrote:
> From: Alwin Raymundo [mailto:alrayworld at ...131...]
> > Hi Jeff,
> Hello Alwin...
> > I'm reading your response regarding the "Alerting snort using swatch". I'm very interested regarding sending an email or page to my RIM.
> > I looked at the Snort FAQ but I can't find detailed information regarding ATTACK RESPONSE. I know this alert will not create a false positive alert.
> Well, I wouldn't go that far...I've had a *few* (luckily not at 2:00 am, yet ;-), but I am willing to live with this..
> > Can you give me some direction or some sort of how
> If you are thinking about swatch as a solution and it's not the only one,
> > Do I need to add some parameters to attack-response.rules?
> Nope. Swatch will monitor your syslog entries looking for entries that you define. If it makes a match it will react as you instruct it to, i.e. e-mail your pager. Which means you need to be logging Snort to syslog.. Also check your local man pages for syslog and syslogd for additional information (you are running *nix, I hope).
> Side Note:.....I've seen too many people using commercial NIDS getting paged/e-mailed on all sorts of attack stimulus (I think this is why e-mail filters were created). And why? Does attack stimulus == compromise? Not quite. Well then, does response == compromise? Maybe. In short, response to stimulus is either black or white: it's either what you expected or it isn't. And it's the unexpected we need to be concerned with...
> Well, have to go...My pager just went off ;-)
> Hope this helps,
> - Jeff
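The mechanism Jeff describes (Snort writes alerts to syslog, a watcher matches the lines you care about and pages you, and you page only on responses, not on every probe) as an added, self-contained Python example. This is not code from the thread, from Snort or from swatch; it is a stand-in for the swatch rule so the parsing and throttling can be seen end to end. It assumes snort.conf contains an `output alert_syslog` line (a real Snort directive), that syslog lands in a file such as /var/log/messages, and the syslog line layout Snort 1.x/2.x uses; the swatch rule in the docstring is written from memory and should be checked against your swatch version. The log lines, the sensor name, the addresses and the year are constructed for the example.

```python
"""Added example (not from the original thread): a minimal stand-in for what
swatch does when it watches Snort's syslog output and pages on a match.

Assumes Snort logs to syslog via snort.conf:
    output alert_syslog: LOG_AUTH LOG_ALERT
and that syslogd writes those lines to a file such as /var/log/messages.
The equivalent swatch rule, as I would write it (assumed syntax; verify
against your swatch version):

    watchfor  /ATTACK-RESPONSES/
        mail addresses=pager@example.com,subject="Snort response alert"
        throttle 00:10:00

All sample lines, hosts and addresses below are constructed.
"""
import re
from datetime import datetime

# Layout of a Snort alert as it appears in syslog. Classification is optional
# (rules without a classtype omit it) and ports are optional (ICMP has none).
SNORT_RE = re.compile(
    r"^(?P<ts>\w{3} [ \d]\d \d\d:\d\d:\d\d) \S+ snort\[\d+\]: "
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.+?) "
    r"(?:\[Classification: (?P<cls>[^\]]+)\] )?\[Priority: (?P<prio>\d+)\]: "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+)(?::(?P<sport>\d+))? -> "
    r"(?P<dst>[\d.]+)(?::(?P<dport>\d+))?$"
)

# Constructed syslog extract: one probe (stimulus), one ping, and repeated
# "id check returned root" responses from a web server to the same client.
SAMPLE_SYSLOG = """\
May  6 05:10:01 sensor snort[1234]: [1:498:3] ATTACK-RESPONSES id check returned root [Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 10.0.0.5:80 -> 10.0.0.9:3345
May  6 05:10:02 sensor snort[1234]: [1:1256:4] WEB-IIS CodeRed v2 root.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 10.0.0.9:3346 -> 10.0.0.5:80
May  6 05:10:03 sensor snort[1234]: [1:498:3] ATTACK-RESPONSES id check returned root [Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 10.0.0.5:80 -> 10.0.0.9:3347
May  6 05:10:04 sensor snort[1234]: [1:498:3] ATTACK-RESPONSES id check returned root [Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 10.0.0.5:80 -> 10.0.0.12:3348
May  6 05:10:05 sensor sshd[2222]: Accepted password for alwin from 10.0.0.9 port 4000
May  6 05:10:06 sensor snort[1234]: [1:384:4] ICMP PING [Classification: Misc activity] [Priority: 3]: {ICMP} 10.0.0.9 -> 10.0.0.5
May  6 05:25:01 sensor snort[1234]: [1:498:3] ATTACK-RESPONSES id check returned root [Classification: Potentially Bad Traffic] [Priority: 2]: {TCP} 10.0.0.5:80 -> 10.0.0.9:3349
"""


def parse_alert(line):
    """Return the alert fields as a dict, or None for non-Snort syslog lines."""
    m = SNORT_RE.match(line)
    if not m:
        return None
    a = m.groupdict()
    # Syslog timestamps carry no year; pin one (2002, assumed for the sample)
    # so that gaps between alerts can be measured in seconds.
    stamp = datetime.strptime(a["ts"], "%b %d %H:%M:%S").replace(year=2002)
    a["seconds"] = (stamp - datetime(2002, 1, 1)).total_seconds()
    a["sid"] = int(a["sid"])
    a["prio"] = int(a["prio"])
    return a


class PagerPolicy:
    """Decide which alerts deserve a page.

    Jeff's point: stimulus (someone probing you) is noise at 2 a.m.; a
    response (your host answering the way a compromised host would) is what
    should wake you. So page only on the response class, and throttle repeats
    of the same rule/source/destination so a noisy host cannot flood the pager.
    """

    def __init__(self, page_prefixes=("ATTACK-RESPONSES",), throttle_seconds=600):
        self.page_prefixes = page_prefixes
        self.throttle_seconds = throttle_seconds
        self._last_page = {}  # (sid, src, dst) -> seconds of the last page sent
        self.stats = {"ignored": 0, "stimulus_only": 0, "throttled": 0, "paged": 0}

    def handle(self, line):
        """Return the page text for this line, or None if it stays in the log."""
        a = parse_alert(line)
        if a is None:
            self.stats["ignored"] += 1
            return None
        if not a["msg"].startswith(self.page_prefixes):
            self.stats["stimulus_only"] += 1  # logged to MySQL/binary, not paged
            return None
        key = (a["sid"], a["src"], a["dst"])
        last = self._last_page.get(key)
        if last is not None and a["seconds"] - last < self.throttle_seconds:
            self.stats["throttled"] += 1
            return None
        self._last_page[key] = a["seconds"]
        self.stats["paged"] += 1
        return f"SNORT sid={a['sid']} {a['msg']} {a['src']} -> {a['dst']} prio={a['prio']}"


def replay(text, policy=None):
    """Run each line of a syslog extract through the policy; return (pages, stats)."""
    policy = policy or PagerPolicy()
    pages = [p for p in (policy.handle(line) for line in text.splitlines()) if p]
    return pages, policy.stats


if __name__ == "__main__":
    pages, stats = replay(SAMPLE_SYSLOG)
    for page in pages:
        print("PAGE:", page)  # in swatch this is where the mail action fires
    print(stats)
```

Run against the sample, three pages go out: the first response, the one to a different destination, and the repeat fifteen minutes later once the ten-minute throttle has expired; the CodeRed probe and the ping are parsed but only logged, the sshd line is ignored, and the two-second repeat is throttled.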