[Snort-users] running a script when a match is found
fknobbe at ...652...
Tue May 7 19:51:02 EDT 2002
On Tue, 2002-05-07 at 11:13, Michael Boman wrote:
> On Tuesday 07 May 2002 22:23, Lookman Fazal wrote:
> > Now what I want to do is, when it writes the sender's IP address in this
> > /var/log/snort directory, I want to, at the same time run a script,
> > which will take the sender's IP address and telnet to my router and add
> > an access-list to deny this sender. How do I invoke a script in snort
> > when a pattern matches?
> > Is there a way to do this? Any help will be greatly appreciated
> > --Fazal
> I haven't tries this myself, but why not try out SnortSam(.net) that can
> re-configure firewalls and routers.
long time no chat. Yes, you can use SnortSam. If the router in question
is a Cisco router, that plugin is already available (although still in
beta). If you need to run other routers/script, you could use the fwexec
method which calls a script/binary with certain parameters. I know of at
least one guy doing this. I was thinking about adding a generic script
plugin, but fwexec seems to work fine.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 350 bytes
Desc: This is a digitally signed message part
More information about the Snort-users