[Snort-users] Email alerts

Matt Kettler mkettler at ...4108...
Mon Apr 7 11:45:06 EDT 2003


Read the fine FAQ for the basic suggestion:

http://www.snort.org/docs/faq.html#5.7

In a bit more detail, swatch/logcheck are tools which search logs for 
various substrings and run external scripts when they find those strings. 
You should be able to use the priority field as a part of your search 
condition.

Swatch has a homepage here:
http://swatch.sourceforge.net/

At 10:21 AM 4/7/2003 -0700, Sudhakar Gummadi wrote:
>Hi,
>
>This might have been answered numerous times. Sorry for asking the same 
>question.
>
>I have installed snort the latest one on linux 8.0 recently with other 
>required applications (mysql, apache, php and acid).
>
>I basically want to get emails ONLY on critical alerts.
>
>How would I configure? Any documentation would be really helpful.
>
>Any suggestions are greatly appreciated.
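
The substring-on-priority approach suggested in the reply, written out as an added example that is not part of the original thread and is not swatch or logcheck code. It assumes alerts are logged with Snort's `[Priority: N]` tag, that "critical" means priority 1, and uses hypothetical addresses, host names and local-range rule IDs.

```python
import re
from email.message import EmailMessage

# Matches the rule header and priority tag found in both syslog-style and
# "fast"-style Snort alert lines: [gid:sid:rev] msg ... [Priority: N]
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+"
    r"(?:\[\*\*\]\s+)?(?:\[Classification: (?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority: (?P<prio>\d+)\]"
)

def parse_alert(line):
    """Return a dict of alert fields, or None if the line is not an alert."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    alert = m.groupdict()
    alert["prio"] = int(alert["prio"])
    alert["raw"] = line.strip()
    return alert

def critical_alerts(lines, max_priority=1):
    """Keep alerts whose priority number is <= max_priority (1 = highest)."""
    parsed = (parse_alert(line) for line in lines)
    return [a for a in parsed if a and a["prio"] <= max_priority]

def build_mail(alerts, sender, recipient):
    """Build one digest message for the given alerts; None if there are none."""
    if not alerts:
        return None
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Snort: {len(alerts)} high-priority alert(s)"
    msg.set_content("\n".join(a["raw"] for a in alerts))
    return msg

# Constructed sample lines (not real traffic): two syslog-style alerts,
# one fast-style alert, and one unrelated syslog line.
SAMPLE = [
    "Apr  7 11:40:01 ids snort: [1:1000001:1] LOCAL example web attack [Classification: Web Application Attack] [Priority: 1]: {TCP} 10.0.0.5:1234 -> 192.168.1.10:80",
    "Apr  7 11:40:09 ids snort: [1:1000002:1] LOCAL example ping sweep [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 10.0.0.5 -> 192.168.1.10",
    "04/07-11:41:30.100200  [**] [1:1000003:1] LOCAL example shellcode [**] [Classification: Executable code was detected] [Priority: 1] {TCP} 10.0.0.7:4444 -> 192.168.1.10:21",
    "Apr  7 11:42:00 ids sshd[812]: Accepted password for admin from 192.168.1.20",
]

if __name__ == "__main__":
    mail = build_mail(critical_alerts(SAMPLE), "snort@ids.example", "soc@example.com")
    print(mail)  # pass to smtplib.SMTP(...).send_message(mail) to deliver
```

Sending one digest per batch rather than one message per alert keeps a noisy rule from flooding the mailbox.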




