[Snort-users] Snort automatic email alert.
frank at ...9761...
Sun Aug 8 16:25:04 EDT 2004
On Fri, 2004-08-06 at 19:23, Erik Fichtner wrote:
> My god.. another notification tool that's wrapped all up in MySQL.
> Don't make this harder than it needs to be.
heh... I agree. Below is what I use for email alerts. It goes through
all /var/log/*snort* directories (if you have more than one instance of
snort running), but you may need to adjust path or filter name. Also,
make sure you have:
in your snort.conf and that you run it with "-l /var/log/snort-something
-d" (application layer dump comes in really handy).
Further, replace mailsubj with sendmail or whatever else you use.
I suggest using cron to run this every minute.
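if [ -e /var/run/mailsnort ];then
    echo MailSnort already running... skipping this instance...
    exit 0
fi
touch /var/run/mailsnort   # lock file so overlapping cron runs skip
for logdir in `ls /var/log | grep snort`;do
    cd /var/log/$logdir || continue
    for dir in `ls | grep -v alert.ids`;do
        echo Sending $dir
        cd $dir || continue
        for file in `ls`;do
            # mail each packet log, then delete it so the rmdir below can succeed
            cat $file | mailsubj "$logdir: $dir - $file" your at ...12240... && rm -f $file
        done
        cd ..; rmdir $dir 2> /dev/null
    done
done
rm -f /var/run/mailsnort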
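An added example, not part of the original message: the same cron-driven mailer with an atomic `mkdir` lock in place of the test-then-create lock file, quoted paths, and deletion of a packet log only after the mailer exits successfully. The names `LOG_ROOT`, `LOCK_DIR`, `MAILER`, `RECIPIENT`, `mail_snort_logs` and the `--run` argument are assumptions made for this sketch, and the mailer is assumed to take the subject and recipient as arguments with the body on stdin, as `mailsubj` is used above.

```shell
# Added example; every setting here is an assumption, not from the original post.
LOG_ROOT=${LOG_ROOT:-/var/log}                  # parent of the *snort* log directories
LOCK_DIR=${LOCK_DIR:-/var/run/mailsnort.lock}   # lock is a directory, not a file
MAILER=${MAILER:-mailsubj}                      # args: subject recipient; body on stdin
RECIPIENT=${RECIPIENT:-root}                    # placeholder recipient

# Mail every per-host packet log under $LOG_ROOT/*snort*/ and delete each file
# only after the mailer accepted it. Prints the number of files sent.
mail_snort_logs() {
    # mkdir is atomic: only one of several concurrent cron runs can create it.
    if ! mkdir "$LOCK_DIR" 2>/dev/null; then
        echo "MailSnort already running... skipping this instance..." >&2
        return 1
    fi
    trap 'rmdir "$LOCK_DIR" 2>/dev/null || :' EXIT   # release lock if we die early
    sent=0
    for logdir in "$LOG_ROOT"/*snort*/; do
        [ -d "$logdir" ] || continue
        for dir in "$logdir"*/; do                   # directories only, so alert.ids is skipped
            [ -d "$dir" ] || continue
            for file in "$dir"*; do
                [ -f "$file" ] || continue
                subj="$(basename "$logdir"): $(basename "$dir") - $(basename "$file")"
                if "$MAILER" "$subj" "$RECIPIENT" < "$file"; then
                    rm -f -- "$file"
                    sent=$((sent + 1))
                fi
            done
            rmdir "$dir" 2>/dev/null || :            # stays if any file was not sent
        done
    done
    rmdir "$LOCK_DIR"; trap - EXIT
    echo "$sent"
}

if [ "${1:-}" = "--run" ]; then mail_snort_logs; fi
```

A file whose delivery fails stays on disk and is retried on the next cron run, so a mailer outage does not silently discard packet logs.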