[Snort-users] SMB alerts

Jason Haar Jason.Haar at ...294...
Fri Aug 13 17:16:37 EDT 2004


On Fri, Aug 13, 2004 at 06:20:51PM -0500, Frank Knobbe wrote:
> On Fri, 2004-08-13 at 18:02, Jason Haar wrote:
> > Seriously, it is. Why SMB and yet no SMTP? What about Jabber support?
> 
> Actually, we are piping Snort alerts into a secure IRC channel (#alerts 
> ;)

..and I wasn't joking about the Jabber support - our alerting system allows
injecting different Snort alerts into different Jabber Rooms on our Jabber
server :-) Sort of an "informal" notification list for those who might want
to "peak in" once and a while.

> But we do that offline, not as an output-plugin (although that thought
> had crossed my mind ;)

We trigger everything off syslog - so the Snort syslog output is essential.


-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1




More information about the Snort-users mailing list