[Snort-users] Snort-Swatch

Keaton, Lindamaria LKeaton at ...10093...
Tue Sep 23 13:49:26 EDT 2003


No I don't have to you use swatch

-----Original Message-----
From: Edin Dizdarevic [mailto:edin.dizdarevic at ...7509...] 
Sent: Tuesday, September 23, 2003 12:46 PM
To: Keaton, Lindamaria
Cc: jon baer; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Snort-Swatch


Hi,

If you were using logsurfer I could drop you some appropriate
configuration rules. Do you have to use Swatch?

Regards,
Edin

Keaton, Lindamaria wrote:

> /usr/bin/local/snort -c /etc/snort/snort.conf
> 
> [...]
> 
> 
> Is anyone using swatch to email alerts?
> 
> If so, can someone tell me how to configure swatch to send entire 
> content of an alert. Right now I'm getting alerts send but this is all

> I'm getting in the body of the email.
> 
> TCP TTL:64 TOS:0x0 ID:33690 IpLen:20 DgmLen:1500 DF.
> 
> I would like to see source, destination, time, and what the actually 
> alert is. Anyone have any ideas?



-- 
Edin Dizdarevic





More information about the Snort-users mailing list