[Snort-users] Snort-Swatch

Sir Fenix claudus at ...10165...
Thu Sep 25 10:13:05 EDT 2003


I'm using swatch to send alerts via email. To solve this problem I made 
a script; it may be pretty simple, but it works. It is similar to this:

You have to configure snort to log to syslog.

#!/bin/sh
# Recipients (space separated, one word per address; left unquoted below on purpose)
MAIL="dir1 at ...10166... dir2 at ...2146..."
# Snort logs to syslog, so the newest line of the syslog file is the alert
MESSAGE=$(tail -n 1 /var/log/messages)
# Mail the alert plus a pointer to the console; "-- -F" passes a sender name to sendmail
printf '%s\n\nAccess to the internal Snort console:\nhttp://10.20.100.41/\n' "$MESSAGE" \
  | mail -s "Priority 1 alert recorded" $MAIL -- -F "INTERNAL SNORT"



Keaton, Lindamaria wrote:

> I'm having a difficult time installing logsurfer-1.5b. I just ran the
> following command:
> ./configure --prefix=/usr/local --with-etcdir=/etc. OK, it looks like it
> installed just fine. But when I go look for the logsurfer.conf file in
> /usr/local/etc or in /etc it's not there. Any ideas?
> 
> -----Original Message-----
> From: Edin Dizdarevic [mailto:edin.dizdarevic at ...7509...] 
> Sent: Tuesday, September 23, 2003 12:46 PM
> To: Keaton, Lindamaria
> Cc: jon baer; snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort-Swatch
> 
> 
> Hi,
> 
> If you were using logsurfer I could drop you some appropriate
> configuration rules. Do you have to use Swatch?
> 
> Regards,
> Edin
> 
> Keaton, Lindamaria wrote:
> 
> 
>>/usr/bin/local/snort -c /etc/snort/snort.conf
>>
>>[...]
>>
>>
>>Is anyone using swatch to email alerts?
>>
>>If so, can someone tell me how to configure swatch to send the entire 
>>content of an alert. Right now I'm getting alerts sent, but this is all
>>I'm getting in the body of the email.
>>
>>TCP TTL:64 TOS:0x0 ID:33690 IpLen:20 DgmLen:1500 DF.
>>
>>I would like to see source, destination, time, and what the actual 
>>alert is. Anyone have any ideas?
> 
> 
> 
> 

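As an added example (not part of the original post or of swatch/Snort), the script below takes a single Snort syslog alert line and pulls out the fields asked for in the thread: time, source, destination, the alert message, and its priority. Handing the matched line to the script (swatch can pass it as an argument) is also safer than re-reading the last line of /var/log/messages, which may already be a different line by the time the script runs. The syslog line layout, the 15-character timestamp, the sample lines, the MAX_PRIORITY and MAIL_TO variables and the use of mail(1) are all assumptions made for this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes Snort's syslog alert
# format, e.g. (constructed sample, not real traffic):
#   Sep 25 10:13:05 host snort[pid]: [gid:sid:rev] MSG [Classification: C] [Priority: N]: {PROTO} SRC:PORT -> DST:PORT

# Extract one named field from a Snort syslog line. Usage: field NAME "LINE"
field() {
  case $1 in
    time)     printf '%s\n' "$2" | cut -c1-15 ;;   # assumes classic syslog timestamp
    sid)      printf '%s\n' "$2" | sed -n 's/.*snort\[[0-9]*\]: \[\([0-9:]*\)\].*/\1/p' ;;
    msg)      printf '%s\n' "$2" | sed -n -e 's/ \[Classification:[^]]*\]//' \
                -e 's/.*snort\[[0-9]*\]: \[[0-9:]*\] \(.*\) \[Priority:.*/\1/p' ;;
    priority) printf '%s\n' "$2" | sed -n 's/.*\[Priority: \([0-9]*\)\].*/\1/p' ;;
    proto)    printf '%s\n' "$2" | sed -n 's/.*{\([A-Za-z]*\)} .*/\1/p' ;;
    src)      printf '%s\n' "$2" | sed -n 's/.*} \([^ ]*\) -> .*/\1/p' ;;
    dst)      printf '%s\n' "$2" | sed -n 's/.* -> \([^ ]*\)$/\1/p' ;;
  esac
}

# Build the mail body for one alert line: parsed fields first, raw line last.
alert_body() {
  line=$1
  printf 'Time:        %s\n' "$(field time "$line")"
  printf 'Alert:       %s\n' "$(field msg "$line")"
  printf 'SID:         %s\n' "$(field sid "$line")"
  printf 'Priority:    %s\n' "$(field priority "$line")"
  printf 'Protocol:    %s\n' "$(field proto "$line")"
  printf 'Source:      %s\n' "$(field src "$line")"
  printf 'Destination: %s\n' "$(field dst "$line")"
  printf '\nRaw line:\n%s\n' "$line"
}

# Only mail alerts whose priority is at or below MAX_PRIORITY (1 = most severe).
should_mail() {
  p=$(field priority "$1")
  [ -n "$p" ] && [ "$p" -le "${MAX_PRIORITY:-1}" ]
}

# Send the alert; recipient list and mail(1) are assumptions for this example.
send_alert() {
  alert_body "$1" | mail -s "Snort priority $(field priority "$1"): $(field msg "$1")" "${MAIL_TO:-root}"
}

# Constructed sample lines (not real traffic) so the script runs stand-alone.
SAMPLE1='Sep 25 10:13:05 sensor1 snort[1234]: [1:2003:8] MS-SQL Worm propagation attempt [Classification: Misc Attack] [Priority: 2]: {UDP} 192.0.2.10:1434 -> 198.51.100.5:1434'
SAMPLE2='Sep 25 10:13:07 sensor1 snort[1234]: [1:1000001:1] Constructed priority-1 test rule [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.77:40112 -> 198.51.100.5:22'

# Stand-alone run: print the body that would be mailed for each qualifying line.
for line in "$SAMPLE1" "$SAMPLE2"; do
  if should_mail "$line"; then
    alert_body "$line"
    echo '-----'
  fi
done
```

In a deployment the line would arrive as "$1" from the swatch action instead of the embedded samples, and `send_alert "$1"` would replace the print loop; the priority gate keeps the mailbox to the alerts that matter.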