[Snort-users] Anyone run ACIS if so - how do I email alerts
Joshua.Scott at ...1955...
Tue Jan 28 18:17:03 EST 2003
Here are a couple possibilities:
1) Write your own script (in whatever language you choose) to query the snort
database, summarize the results and fire off an email with these results.
Have cron run this script at specific intervals.
2) If you log alerts to syslog as well, you could probably use Logcheck or
some other log analysis program to get a summary of events.
Security Systems Analyst, CISSP
From: Scott [mailto:slewis1972 at ...125...]
Sent: Friday, January 24, 2003 6:12 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Anyone run ACIS if so - how do I email alerts
I have snort running, along with ACID.
Is there a way that when there is an attempted alert, or even get sent a full
list of alerts at a certain time to be sent to my email address. I have
postfix and IMAP running.
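
Option 1 from the reply, as an added example (not code from either poster or from the Snort or ACID projects): it queries the alert tables for a time window, summarizes per signature and builds the mail. The table and column subset is an assumption based on the Snort database output schema; SQLite stands in for the real database, and the rows, addresses and mailbox names are constructed.

```python
import ipaddress, smtplib, sqlite3
from email.message import EmailMessage
# Assumed subset of the Snort database-output schema that ACID reads.
SCHEMA = """
CREATE TABLE signature (sig_id INTEGER PRIMARY KEY, sig_name TEXT, sig_priority INTEGER);
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT);
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER);"""
SUMMARY_SQL = """
SELECT s.sig_name, s.sig_priority, COUNT(*), COUNT(DISTINCT i.ip_src), MAX(e.timestamp)
FROM event e JOIN signature s ON s.sig_id = e.signature
LEFT JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
WHERE e.timestamp >= ? AND e.timestamp < ? GROUP BY s.sig_id
ORDER BY s.sig_priority, COUNT(*) DESC"""

def summarize(conn, start, end):
    return conn.execute(SUMMARY_SQL, (start, end)).fetchall()

def build_digest(rows, start, end, sender, rcpt):
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"Snort digest: {sum(r[2] for r in rows)} alerts, {len(rows)} signatures"
    lines = [f"Window: {start} to {end}"]
    for name, prio, hits, sources, last in rows:
        # Signature text comes from rule files; strip control characters before mailing it.
        clean = "".join(c if c.isprintable() else "?" for c in name)
        lines.append(f"prio {prio}  {hits:>5} hits  {sources:>3} src  last {last}  {clean}")
    msg.set_content("\n".join(lines))
    return msg

def send(msg, host="localhost"):
    with smtplib.SMTP(host) as smtp:  # local MTA, e.g. the poster's postfix
        smtp.send_message(msg)

def sample_db():
    # Constructed in-memory data standing in for the real Snort database.
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.executemany("INSERT INTO signature VALUES (?,?,?)",
                     [(1, "ICMP PING NMAP", 2), (2, "WEB-IIS cmd.exe access", 1)])
    alerts = [(1, 2, "2003-01-28 09:15:00", "192.0.2.10"), (2, 1, "2003-01-28 10:00:00", "192.0.2.10"),
              (3, 1, "2003-01-28 11:30:00", "198.51.100.7"), (4, 1, "2003-01-27 23:00:00", "192.0.2.10")]
    for cid, sig, ts, src in alerts:
        conn.execute("INSERT INTO event VALUES (1,?,?,?)", (cid, sig, ts))
        conn.execute("INSERT INTO iphdr VALUES (1,?,?)", (cid, int(ipaddress.ip_address(src))))
    return conn

if __name__ == "__main__":
    win = ("2003-01-28 00:00:00", "2003-01-29 00:00:00")
    print(build_digest(summarize(sample_db(), *win), *win, "snort@localhost", "admin@localhost"))
```

For the cron job the reply describes, pass the result to `send()` and set the window to the time since the previous run.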