[Snort-users] Email alerts

Erek Adams erek at ...950...
Tue Apr 8 06:58:09 EDT 2003

On Mon, 7 Apr 2003, Matt Kettler wrote:

> Read the fine FAQ for the basic suggestion:
> http://www.snort.org/docs/faq.html#5.7
> In a bit more detail, swatch/logcheck are tools which search logs for
> various substrings and run external scripts when they find those strings.
> You should be able to use the priority field as a part of your search
> condition.
> Swatch has a homepage here:
> http://swatch.sourceforge.net/

And to add to what Matt said:

Have a look at this [0].  It's a swatch.conf file that Jason Haar put
together as an example of 'emailing alerts'.


Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]	http://www.theadamsfamily.net/~erek/snort/snort-swatch.conf.txt
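
The approach described in this thread (watch the log, match on the priority field, run an action), as an added Python example that is not from the thread and is not Jason Haar's swatch.conf. It assumes Snort is logging alerts to syslog in the usual `[gid:sid:rev] msg [Classification: ...] [Priority: n]` layout; the log lines, rule IDs, host names and mail addresses are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Assumed syslog alert layout: [gid:sid:rev] msg [Classification: ..] [Priority: n]: {PROTO} src -> dst
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\]:? "
    r"\{(?P<proto>[^}]+)\} (?P<src>\S+) -> (?P<dst>\S+)"
)

# Constructed sample lines (local-range SIDs, documentation IP ranges), not real sensor output.
SAMPLE_LOG = """\
Apr  8 06:40:01 ids1 snort: [1:1000001:1] EXAMPLE web attack [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.10:3345 -> 198.51.100.5:80
Apr  8 06:40:02 ids1 snort: [1:1000002:1] EXAMPLE ping sweep [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.77 -> 198.51.100.5
Apr  8 06:40:09 ids1 snort: [1:1000001:1] EXAMPLE web attack [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.10:3346 -> 198.51.100.5:80
Apr  8 06:41:30 ids1 sshd[411]: Accepted publickey for ops from 198.51.100.9
"""

def select_alerts(lines, max_priority=1):
    """Return parsed alerts whose priority is <= max_priority (1 is the most severe)."""
    hits = []
    for line in lines:
        m = ALERT_RE.search(line)
        if m and int(m["prio"]) <= max_priority:
            hits.append(m.groupdict())
    return hits

def build_mail(alerts, sender, recipient):
    """Collapse repeats of one rule from one source host (IPv4 assumed) into a single mail."""
    counts = {}
    for a in alerts:
        key = (a["sid"], a["msg"], a["src"].split(":")[0])  # drop the source port
        counts[key] = counts.get(key, 0) + 1
    if not counts:
        return None  # nothing matched: send no mail
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Snort: {len(alerts)} priority alert(s), {len(counts)} distinct"
    msg.set_content("\n".join(
        f"{n}x sid {sid} {text} from {src}" for (sid, text, src), n in counts.items()))
    return msg

if __name__ == "__main__":
    mail = build_mail(select_alerts(SAMPLE_LOG.splitlines()),
                      "snort@ids1.example", "soc@example.org")
    print(mail)  # on a sensor, hand this to smtplib.SMTP(...).send_message(mail)
```

Collapsing repeats per batch stands in for swatch's time-based throttling, which keeps a noisy rule from flooding the mailbox.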
