[Snort-users] swatch alternatives?

Nelson, Ben bnelson at ...5464...
Wed Apr 23 10:43:26 EDT 2003


Try logsurfer:
http://www.cert.dfn.de/eng/logsurf/
 
I use this program to watch my logs and email me about alerts.  One of its really nice features is 'contexts', which allow you to watch for multi-line patterns in logs and perform different actions based on the contents of the context.  So, in your case, if you had several related Snort alerts that came in at the same time (or close to it), you could send them as one alert, rather than spamming yourself with one notification per alert.
 
--Ben

-----Original Message-----
From: Chris [mailto:vze2f6h6 at ...3147...]
Sent: Wednesday, April 23, 2003 11:23 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] swatch alternatives?



I have been trying to set up swatch so that my Snort alerts can be sent via email but I am running into problems.  I cannot seem to get some of the needed Perl modules installed.

What other alternatives are there that will do this?  I tried to find logwatch but it points to a Cisco error page.

 

Thank you,

 

Chris Romano
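
The batching idea behind the 'contexts' described in the reply above, sketched in Python as an added example; it is not logsurfer code or logsurfer configuration syntax, and it does not come from either poster. It assumes alerts in Snort's fast-alert line format; the function names, the 60-second window and the sample lines are constructed for illustration.

```python
import re
from datetime import datetime, timedelta

# Snort fast-alert line: timestamp [**] [gid:sid:rev] message [**] ... {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+\[\d+:\d+:\d+\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\].*?\{\w+\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)")

# Constructed sample input (documentation address ranges, not real traffic).
SAMPLE = [
    "04/23-10:43:26.101010  [**] [1:1002:5] WEB-IIS cmd.exe access [**] "
    "[Priority: 1] {TCP} 192.0.2.10:3345 -> 198.51.100.5:80",
    "04/23-10:43:27.202020  [**] [1:1113:4] WEB-MISC http directory traversal [**] "
    "[Priority: 2] {TCP} 192.0.2.10:3346 -> 198.51.100.5:80",
    "04/23-10:43:40.000001  [**] [1:469:1] ICMP PING NMAP [**] "
    "[Priority: 2] {ICMP} 203.0.113.7 -> 198.51.100.5",
    "04/23-10:50:00.000001  [**] [1:1002:5] WEB-IIS cmd.exe access [**] "
    "[Priority: 1] {TCP} 192.0.2.10:3400 -> 198.51.100.5:80",
]

def group_alerts(lines, window_seconds=60, year=2003):
    """Collect alerts per source IP. A group closes once that source has been
    quiet for longer than window_seconds (a relative timeout)."""
    window = timedelta(seconds=window_seconds)
    open_groups, closed = {}, []
    for line in lines:
        m = ALERT_RE.match(line)
        if not m:
            continue  # not an alert line; a real watcher might log this
        # Fast-alert timestamps carry no year, so the caller supplies one.
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
        idle = [s for s, g in open_groups.items() if ts - g[-1][0] > window]
        for src in idle:
            closed.append((src, open_groups.pop(src)))
        open_groups.setdefault(m["src"], []).append((ts, m["msg"], m["dst"]))
    closed.extend(open_groups.items())  # flush whatever is still open
    return closed

def format_digest(src, alerts):
    """Build the body of one notification covering a whole group."""
    head = (f"{len(alerts)} Snort alert(s) from {src} between "
            f"{alerts[0][0]:%H:%M:%S} and {alerts[-1][0]:%H:%M:%S}")
    return "\n".join([head] + [f"  {ts:%H:%M:%S} {msg} -> {dst}"
                               for ts, msg, dst in alerts])

if __name__ == "__main__":
    for src, alerts in group_alerts(SAMPLE):
        print(format_digest(src, alerts), end="\n\n")
```

Each returned group would become one email instead of one email per alert line.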

 
