[Snort-users] Email alerts

Erek Adams erek at ...950...
Tue Apr 8 06:58:09 EDT 2003


On Mon, 7 Apr 2003, Matt Kettler wrote:

> Read the fine FAQ for the basic suggestion:
>
> http://www.snort.org/docs/faq.html#5.7
>
> In a bit more detail, swatch/logcheck are tools which search logs for
> various substrings and run external scripts when they find those strings.
> You should be able to use the priority field as a part of your search
> condition.
>
> Swatch has a homepage here:
> http://swatch.sourceforge.net/

And to add to what Matt said:

Have a look at this [0].  It's a swatch.conf file that Jason Haar put
together as an example of 'emailing alerts'.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]	http://www.theadamsfamily.net/~erek/snort/snort-swatch.conf.txt
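
The log-watching approach Matt describes (match on the priority field, then act) can be sketched in Python. This is an added example, not code from this thread and not Jason Haar's swatch.conf; it assumes Snort alerts arrive in the syslog layout shown in the constructed sample lines, and the function names and mail addresses are hypothetical.

```python
import re
from email.message import EmailMessage

# Constructed sample lines in Snort's syslog alert layout (not real sensor output).
SAMPLE_LOG = """\
Apr  8 06:41:02 sensor snort: [1:1000001:1] Constructed test alert A [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.10:4312 -> 198.51.100.5:80
Apr  8 06:41:07 sensor snort: [1:1000002:1] Constructed test alert B [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.11 -> 198.51.100.5
Apr  8 06:42:15 sensor sshd[411]: Accepted publickey for admin from 192.0.2.20
Apr  8 06:43:30 sensor snort: [1:1000003:2] Constructed test alert C [Classification: Potentially Bad Traffic] [Priority: 2]: {UDP} 192.0.2.12:53 -> 198.51.100.5:1029
"""

# Matches "[gid:sid:rev] message [Classification: ...] [Priority: N]"; classification is optional.
ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?) "
    r"(?:\[Classification: (?P<cls>[^\]]*)\] )?\[Priority: (?P<prio>\d+)\]"
)

def select_alerts(log_text, max_priority=1):
    """Return parsed alerts whose priority number is <= max_priority (1 is most severe)."""
    hits = []
    for line in log_text.splitlines():
        m = ALERT_RE.search(line)
        if m and int(m["prio"]) <= max_priority:
            hits.append({"sid": f'{m["gid"]}:{m["sid"]}:{m["rev"]}', "msg": m["msg"],
                         "priority": int(m["prio"]), "line": line})
    return hits

def build_mail(alerts, sender, recipient):
    """Batch the matched alerts into one message; return None when nothing matched."""
    if not alerts:
        return None
    mail = EmailMessage()
    mail["From"], mail["To"] = sender, recipient
    worst = min(a["priority"] for a in alerts)
    subject = f"[snort] {len(alerts)} alert(s), highest priority {worst}: {alerts[0]['msg']}"
    # Alert text is attacker-influenced: strip CR/LF and cap length before it becomes a header.
    mail["Subject"] = re.sub(r"[\r\n]+", " ", subject)[:120]
    mail.set_content("\n".join(a["line"] for a in alerts))
    return mail

if __name__ == "__main__":
    # Hypothetical addresses; pass the result to smtplib.SMTP(...).send_message() to deliver.
    print(build_mail(select_alerts(SAMPLE_LOG, 2), "snort@sensor.example", "soc@example.org"))
```

Batching the matches into one message per run keeps a noisy rule from producing one e-mail per packet.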



