[Snort-users] RES: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4] [Snort-users]

Romulo M. Cholewa rmc at ...8111...
Tue Jan 28 19:08:03 EST 2003


Hi,
 
I just installed Kiwi Syslog Daemon and, as a matter of fact, you won't need to send the alerts to the event log, because it can send directly to an email address.
 
Regards,

Romulo M. Cholewa
Home : http://www.rmc.eti.br
Forum: http://zeus.rmc.eti.br/forum
PGP Keys Available @ website.

    "Those who make peaceful revolution impossible will make    
             violent revolution inevitable." -- JFK.             
                                                                 
                                                                 


	-----Original Message-----
	From: Lok Ying Chung [mailto:rogerchung2 at ...8113...] 
	Sent: Tuesday, 28 January 2003 23:16
	To: Romulo M. Cholewa; Michael Steele; snort-users at lists.sourceforge.net
	Subject: Re: RES: sending alerts by email / active response Win2K system [RMC-J7FLJI4]
	
	

	Hi Cholewa, 

	How do I get the Syslog Daemon for Windows 2k Pro? Can it be configured to submit the snort alert log to the Windows event log? 

	Regards, 

	Roger Chung 

	 "Romulo M. Cholewa" <rmc at ...8111...> wrote: 

		Hi Michael,
		
		That's good news. With Syslog Daemon, I can configure it to submit the snort alert log to the system event log. Then I can use an app like EventWatchNT to send specific alerts to an email address.
		
		You can find EventWatchNT here:
		
		http://www.webattack.com/get/eventwatch.shtml
		
		When I get to the lab I'll test it. Thanks! 
		
		Romulo M. Cholewa.
		
		
		
		-----Original Message----- 
		From: Michael Steele [mailto:michaels at ...155...] 
		Sent: Tue 1/28/2003 13:44 
		To: Romulo M. Cholewa; snort-users at lists.sourceforge.net 
		Cc: 
		Subject: RE: sending alerts by email / active response Win2K system [RMC-J7FLJI4]
		
		
		
		Romulo, 
		
		You will need something like Syslog Daemon and run the alerts through that. 
		It has an option of emailing on certain triggers. If you find a free tool 
		that works, please let us Windows folks know. The alerts can be sent to the 
		Event Viewer application log in Windows, and if you can find something to 
		parse that file and alert, that would be great. 
		
		-Michael 
		-- 
		Michael Steele | System Engineer / Support Technician 
		mailto:michaels at ...155... 
		Silicon Defense: IDS solutions - http://www.silicondefense.com 
		Snort: Open Source Network IDS - http://www.snort.org 
		
		
		-----Original Message----- 
		From: snort-users-admin at lists.sourceforge.net 
		[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of Romulo M. 
		Cholewa 
		Sent: Monday, January 27, 2003 8:05 PM 
		To: snort-users at lists.sourceforge.net 
		Subject: [Snort-users] sending alerts by email / active response Win2K 
		system [RMC-J7FLJI4] 
		
		Hi All, 
		
		Sorry about this bunch of newbie questions. I'm in the process of evaluating 
		snort, and it's being used on Windows 2000 Server. Everything is running 
		really smoothly. I had a BSOD, but I think it's related to the packet capture 
		driver version. 
		
		I would like to ask experienced snort users if there are any ways of 
		emailing some alerts (maybe a perl script of some sort that would parse the 
		alert.ids file and send emails if it finds a specific alert). Also, whether 
		there are any ways of automating the process of dynamically filtering out 
		some kinds of attacks. I already know that it will not be easy with Windows 2000, 
		but maybe snort can be used together with some firewall / filtering product 
		available. Currently using Zone Alarm Pro. 
		
		If these things are possible, I would like to thank in advance anyone who 
		could point me in the right direction. 
		
		Thanks again, 
		
		Romulo M. Cholewa 
	

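One way to do what the original message asks for, as an added example and not code from anyone in this thread: a script that parses Snort's full-format alert.ids and builds one e-mail per alert whose signature ID is on a watch list (Python rather than the perl mentioned; the record layout, the sample records, the watch list and the addresses are assumptions). Sending is left to smtplib.SMTP.send_message so the parsing can be exercised offline.

```python
import re
from email.message import EmailMessage
# Snort "full" alert record: header "[**] [gid:sid:rev] msg [**]", a Classification/Priority
# line, then a packet line "MM/DD-HH:MM:SS.usec src:port -> dst:port"; blank line ends a record.
HEADER_RE = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.+?) \[\*\*\]$")
FLOW_RE = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+) -> (\S+)$")
PRIORITY_RE = re.compile(r"\[Priority: (\d+)\]")

def parse_alerts(text):
    """Return one dict per full-format record; records are separated by blank lines."""
    alerts = []
    for block in re.split(r"\n[ \t]*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines()]
        m = HEADER_RE.match(lines[0]) if lines else None
        if not m:
            continue  # half-written tail or foreign text: skip rather than crash
        rec = {"gid": int(m.group(1)), "sid": int(m.group(2)), "rev": int(m.group(3)),
               "msg": m.group(4), "priority": None, "time": None, "src": None, "dst": None}
        for line in lines[1:]:
            p = PRIORITY_RE.search(line)
            if p:
                rec["priority"] = int(p.group(1))
            f = FLOW_RE.match(line)
            if f:
                rec["time"], rec["src"], rec["dst"] = f.groups()
        alerts.append(rec)
    return alerts

def build_notifications(alerts, watch_sids, sender, recipient):
    """One EmailMessage per alert whose SID is on the watch list (hand to smtplib to send)."""
    msgs = []
    for a in alerts:
        if a["sid"] not in watch_sids:
            continue
        m = EmailMessage()
        m["From"], m["To"] = sender, recipient
        m["Subject"] = f"[snort] {a['msg']} ({a['gid']}:{a['sid']}:{a['rev']})"
        m.set_content(f"{a['time']} {a['src']} -> {a['dst']} (priority {a['priority']})")
        msgs.append(m)
    return msgs
# Constructed sample of two full-format records (protocol detail lines omitted for brevity).
SAMPLE_ALERT_IDS = """\
[**] [1:2003:2] MS-SQL Worm propagation attempt [**]
[Classification: Misc Attack] [Priority: 2]
01/28-19:08:03.123456 192.0.2.10:1434 -> 198.51.100.5:1434

[**] [1:1418:3] SNMP request tcp [**]
[Classification: Attempted Information Leak] [Priority: 2]
01/28-19:09:10.500000 192.0.2.11:3456 -> 198.51.100.5:161
"""
```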