[Snort-users] Snort-Swatch

Erek Adams erek at ...950...
Fri Sep 19 18:46:03 EDT 2003


On Fri, 19 Sep 2003, Keaton, Lindamaria wrote:

> Is anyone using swatch to email alerts?
>
> If so, can someone tell me how to configure swatch to send entire
> content of an alert. Right now I'm getting alerts send but this is all
> I'm getting in the body of the email.
>
> TCP TTL:64 TOS:0x0 ID:33690 IpLen:20 DgmLen:1500 DF.
>
> I would like to see source, destination, time, and what the actually
> alert is. Anyone have any ideas?

Yep.  RTFF, or otherwise known as "Read the Fine FAQ".

	#5.9  How do I get Snort to email me alerts.

That's got a link to:

	http://www.theadamsfamily.net/~erek/snort/snort-swatch.txt

It's amazing what we hide in there isn't it?  ;-)

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson




More information about the Snort-users mailing list