[Snort-users] running a script when a match is found

Frank Knobbe fknobbe at ...652...
Tue May 7 19:51:02 EDT 2002


On Tue, 2002-05-07 at 11:13, Michael Boman wrote:
> On Tuesday 07 May 2002 22:23, Lookman Fazal wrote:
> > Now what I want to do is, when it writes the sender's IP address in this
> > /var/log/snort directory, I want to, at the same time run a script,
> > which will take the sender's IP address and telnet to my router and add
> > an access-list to deny this sender. How do I invoke a script in snort
> > when a pattern matches?
> >
> > Is there a way to do this?  Any help will be greatly appreciated
> >
> > --Fazal
> 
> I haven't tried this myself, but why not try out SnortSam(.net) that can
> re-configure firewalls and routers.


Hey Mike, 

long time no chat. Yes, you can use SnortSam. If the router in question
is a Cisco router, that plugin is already available (although still in
beta). If you need to run other routers/script, you could use the fwexec
method which calls a script/binary with certain parameters. I know of at
least one guy doing this. I was thinking about adding a generic script
plugin, but fwexec seems to work fine.

Later,
Frank
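
Added example, not part of the original thread and not SnortSam code: a sketch of the kind of handler script discussed above, which validates the offending address and refuses to block protected hosts before producing a Cisco-style ACL deny line. How the address reaches the script (here, the first command-line argument), the ACL number and the protected networks are assumptions; sending the line to the router is left out.

```python
#!/usr/bin/env python3
import ipaddress
import sys

# Constructed sample values, not from the thread: networks that must never be
# blocked, so a spoofed source address cannot make the sensor cut off its own
# site or management hosts.
NEVER_BLOCK = [ipaddress.ip_network(n) for n in (
    "127.0.0.0/8",       # loopback
    "10.0.0.0/8",        # hypothetical internal network
    "192.0.2.0/28",      # hypothetical own servers and upstream gateway
)]
ACL_NUMBER = 101         # hypothetical extended ACL number


def build_deny_line(raw_ip, acl=ACL_NUMBER, never_block=NEVER_BLOCK):
    """Return a Cisco-style ACL deny line for raw_ip, or raise ValueError."""
    try:
        # Strict parse: only a bare dotted-quad IPv4 address is accepted, so
        # input such as "203.0.113.45; reload" never reaches a router session.
        ip = ipaddress.IPv4Address(raw_ip.strip())
    except ipaddress.AddressValueError as exc:
        raise ValueError(f"not an IPv4 address: {raw_ip!r}") from exc
    for net in never_block:
        if ip in net:
            raise ValueError(f"refusing to block protected address {ip} ({net})")
    return f"access-list {acl} deny ip host {ip} any"


def main(argv):
    # Assumption: the caller passes the offending address as the first argument.
    if len(argv) != 2:
        print("usage: block_handler.py <ipv4-address>", file=sys.stderr)
        return 2
    try:
        print(build_deny_line(argv[1]))
    except ValueError as err:
        print(f"rejected: {err}", file=sys.stderr)
        return 1
    return 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```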


