[Snort-users] Snort-Swatch

Edin Dizdarevic edin.dizdarevic at ...7509...
Tue Sep 23 12:48:07 EDT 2003


If you were using logsurfer I could drop you some appropriate
configuration rules. Do you have to use Swatch?


Keaton, Lindamaria wrote:

> /usr/bin/local/snort -c /etc/snort/snort.conf 
> [...]
> Is anyone using swatch to email alerts? 
> If so, can someone tell me how to configure swatch to send entire
> content of an alert. Right now I'm getting alerts send but this is all
> I'm getting in the body of the email.
> TCP TTL:64 TOS:0x0 ID:33690 IpLen:20 DgmLen:1500 DF. 
> I would like to see source, destination, time, and what the actually
> alert is. Anyone have any ideas? 

Edin Dizdarevic

More information about the Snort-users mailing list