[Snort-users] swatch alternatives?

Andreas Östling andreaso at ...236...
Fri Apr 25 07:27:26 EDT 2003


> On Wed, 23 Apr 2003, Chris wrote:

> > What other alternatives are there that will do this?  I tried to find
> > logwatch but it points to a cisco error page.

I wrote a simple swatch replacement a few months ago that I needed for a 
project (SEC didn't quite suit me either).

It can do some things that I really needed, such as signing and encrypting 
outgoing mail using GnuPG, reload config on SIGHUP without losing current 
queued events, users can have their own include files with patterns/options, 
you can define variables and later use them in patterns, and when throttling, 
all following matches (with an upper limit) will automatically be included in 
the mail, and you can specify patterns that will make some possible queued 
events to be cleared etc...

As usual, it's just a quick hack that I may never touch again...
It requires several perl modules and does not contain any documentation (just 
a couple of example configs). I don't really remember how badly/well it works.
See http://devel.it.su.se/cgi-bin/local/cvsweb.cgi/lc/ if you're interested 
anyway. 

/Andreas




