[Snort-users] sending alerts by email / active response Win2K system [RMC-J7FLJI4]
michaels at ...155...
Tue Jan 28 07:46:02 EST 2003
You will need something like Syslog Daemon and run the alerts through that.
It has an option of emailing on certain triggers. If you find a free tool
that works, please let us windows folks know. The alerts can be sent to the
Event Viewer, application log in Windows and if you can find something to
parse that file and alert, that would be great.
Michael Steele | System Engineer / Support Technician
mailto:michaels at ...155...
Silicon Defense: IDS solutions - http://www.silicondefense.com
Snort: Open Source Network IDS - http://www.snort.org
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Romulo M.
Sent: Monday, January 27, 2003 8:05 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] sending alerts by email / active response Win2K
Sorry about these bunch of newbie questions. I'm in the path of evaluating
snort, and it's being used on Windows 2000 Server. Everything is running
really smooth. I had a BSOD, but I think it's related to the packet capture
I would like to ask experienced snort users, if there are any ways of
emailing some alerts (maybe a perl script of some sort that would parse the
alert.ids file and send emails if it finds a specific alert). Also if there
are any ways of automating the process of filtering out dynamically some
kinds of attacks. I already know that it will not be easy with Windows 2000,
but maybe snort can be used together with some firewall / filtering product
available. Currently using Zone Alarm Pro.
If these things are possible, I would like to thank in advance if someone
could point me to the right direction.
Romulo M. Cholewa
Home : http://www.rmc.eti.br
PGP Keys Available @ website.
"Those who make peaceful revolution impossible will make
violent revolution inevitable." -- JFK.
This SF.NET email is sponsored by:
SourceForge Enterprise Edition + IBM + LinuxWorld http://www.vasoftware.com
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:
More information about the Snort-users