[Snort-users] sending alerts by email / active response Win2K system [RMC-J7FLJI4]

Michael Steele michaels at ...155...
Tue Jan 28 07:46:02 EST 2003


You will need something like Syslog Daemon and run the alerts through that.
It has an option of emailing on certain triggers. If you find a free tool
that works, please let us Windows folks know. The alerts can be sent to the
Event Viewer application log in Windows, and if you can find something to
parse that file and alert, that would be great.

 Michael Steele | System Engineer / Support Technician     
 mailto:michaels at ...155...    
 Silicon Defense: IDS solutions - http://www.silicondefense.com
 Snort: Open Source Network IDS - http://www.snort.org

-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Romulo M.
Sent: Monday, January 27, 2003 8:05 PM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] sending alerts by email / active response Win2K system [RMC-J7FLJI4]

Hi All,

Sorry about this bunch of newbie questions. I'm in the process of evaluating
Snort, and it's being used on Windows 2000 Server. Everything is running
really smoothly. I had a BSOD, but I think it's related to the packet capture
driver version.

I would like to ask experienced Snort users if there are any ways of
emailing some alerts (maybe a Perl script of some sort that would parse the
alert.ids file and send emails if it finds a specific alert). Also, are there
any ways of dynamically filtering out some kinds of attacks? I already know
that it will not be easy with Windows 2000, but maybe Snort can be used
together with some firewall / filtering product available. Currently using
Zone Alarm Pro.

If these things are possible, I would be grateful if someone could point me
in the right direction.

Thanks again,

Romulo M. Cholewa
Home : http://www.rmc.eti.br
Forum: http://zeus.rmc.eti.br/forum
PGP Keys Available @ website.

    "Those who make peaceful revolution impossible will make    
             violent revolution inevitable." -- JFK.             
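Romulo asks for a script that parses alert.ids and mails when a specific alert shows up, and Michael's reply describes the same trigger-on-match idea routed through a syslog daemon. Below is an added example of the file-parsing route; it is not code from this thread or from the Snort project, and it is written in Python rather than the Perl Romulo mentions. It reads Snort's full-format alert.ids incrementally, keeps a byte offset so each alert is mailed at most once, leaves a trailing half-written event for the next poll, and selects events by sid, message text or priority. The file path, sender and recipient addresses and SMTP host are assumptions, and the alert text is a constructed sample, not captured output.

```python
"""Parse Snort full-format alerts (alert.ids) and e-mail selected events.
Added example, not code from the thread; paths and mail settings are assumptions."""
import re
import smtplib
from email.message import EmailMessage

HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")  # [**] [gid:sid:rev] msg [**]
CLASS_RE = re.compile(r"\[Classification: ([^\]]+)\]")
PRIO_RE = re.compile(r"\[Priority: (\d+)\]")
TS_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+) -> (\S+)$")  # time src -> dst
PROTO_RE = re.compile(r"^(TCP|UDP|ICMP) TTL:")

# Constructed sample in Snort's full alert format (not real captured output). The third
# event has no classtype line; the fourth has no terminating blank line (still being written).
SAMPLE = (
    "[**] [1:2003:2] MS-SQL Worm propagation attempt [**]\n"
    "[Classification: Misc Attack] [Priority: 2] \n"
    "01/25-05:31:12.123456 10.0.0.5:1434 -> 192.168.1.10:1434\n"
    "UDP TTL:128 TOS:0x0 ID:3234 IpLen:20 DgmLen:404\n"
    "\n"
    "[**] [1:469:1] ICMP PING NMAP [**]\n"
    "[Classification: Attempted Information Leak] [Priority: 2] \n"
    "01/25-05:32:01.000001 10.0.0.7 -> 192.168.1.10\n"
    "ICMP TTL:44 TOS:0x0 ID:1 IpLen:20 DgmLen:28\n"
    "\n"
    "[**] [1:1000001:1] LOCAL test rule [**]\n"
    "01/25-05:33:40.500000 192.168.1.20:4321 -> 192.168.1.10:80\n"
    "TCP TTL:128 TOS:0x0 ID:100 IpLen:20 DgmLen:40\n"
    "\n"
    "[**] [1:2003:2] MS-SQL Worm propagation attempt [**]\n"
    "[Classification: Misc Attack] [Priority: 2] \n"
)


def complete_prefix(data):
    """Return (text, nbytes) covering only events terminated by a blank line.
    Snort ends each full-format event with a blank line, so bytes after the last
    one belong to a partially written event and are left for the next poll.
    Both LF and CRLF endings are accepted in case the file was written with CRLF."""
    ends = [m.end() for m in re.finditer(rb"\r?\n\r?\n", data)]
    if not ends:
        return "", 0
    return data[:ends[-1]].decode("latin-1"), ends[-1]


def parse_alerts(text):
    """Split full-format alert text into event dicts; blocks are separated by blank lines.
    A trailing block with no blank line after it is dropped (incomplete event)."""
    events, block = [], []
    for line in text.splitlines():
        if line.strip():
            block.append(line.rstrip())
        elif block:
            ev = _parse_block(block)
            if ev:
                events.append(ev)
            block = []
    return events


def _parse_block(lines):
    """Turn one event's lines into a dict, or None if the first line is not a header."""
    m = HEADER_RE.match(lines[0])
    if not m:
        return None
    ev = {"gid": int(m.group(1)), "sid": int(m.group(2)), "rev": int(m.group(3)),
          "msg": m.group(4), "classification": None, "priority": None,
          "timestamp": None, "src": None, "dst": None, "proto": None}
    for line in lines[1:]:
        if (c := CLASS_RE.search(line)):
            ev["classification"] = c.group(1)
        if (p := PRIO_RE.search(line)):
            ev["priority"] = int(p.group(1))
        if (t := TS_RE.match(line)):
            ev["timestamp"], ev["src"], ev["dst"] = t.groups()
        if (pr := PROTO_RE.match(line)):
            ev["proto"] = pr.group(1)
    return ev


def select_alerts(events, watch_sids=(), msg_substrings=(), max_priority=None):
    """Keep events whose sid is watched, whose message contains a substring, or whose
    priority is at or below max_priority (1 is most severe; events with no priority never match)."""
    out = []
    for ev in events:
        by_sid = ev["sid"] in watch_sids
        by_msg = any(s.lower() in ev["msg"].lower() for s in msg_substrings)
        by_prio = (max_priority is not None and ev["priority"] is not None
                   and ev["priority"] <= max_priority)
        if by_sid or by_msg or by_prio:
            out.append(ev)
    return out


def build_email(events, sender, recipient):
    """Render the selected events as one plain-text e-mail, one line per event."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = "Snort: %d matching alert(s)" % len(events)
    body = ["%s [%d:%d:%d] prio=%s %s %s -> %s" % (
        ev["timestamp"], ev["gid"], ev["sid"], ev["rev"], ev["priority"],
        ev["msg"], ev["src"], ev["dst"]) for ev in events]
    msg.set_content("\n".join(body))
    return msg


def process_file(path, offset, sender, recipient, smtp_host=None, **criteria):
    """Read alert.ids from `offset`, mail matching events, return (new_offset, msg or None).
    Persist new_offset between runs so each alert is mailed at most once."""
    with open(path, "rb") as fh:
        fh.seek(offset)
        text, consumed = complete_prefix(fh.read())
    hits = select_alerts(parse_alerts(text), **criteria)
    msg = build_email(hits, sender, recipient) if hits else None
    if msg is not None and smtp_host:
        with smtplib.SMTP(smtp_host) as s:  # assumed relay; nothing is sent when smtp_host is None
            s.send_message(msg)
    return offset + consumed, msg


if __name__ == "__main__":
    # Dry run over the constructed sample; no SMTP host, so the message is only printed.
    hits = select_alerts(parse_alerts(SAMPLE), watch_sids={2003}, msg_substrings=("nmap",))
    print(build_email(hits, "snort@example.com", "ops@example.com"))
```

Run it periodically (Scheduled Tasks on Windows) calling `process_file` with an assumed path such as `C:\Snort\log\alert.ids`, and store the returned offset in a small state file between runs. Point `smtp_host` at a relay you control, since the script speaks plain SMTP. The Event Viewer route Michael mentions writes a different format and is not parsed here.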
