[Snort-users] Need help with snort output to bash script.
mkettler at ...4108...
Wed May 5 12:36:01 EDT 2004
At 01:11 PM 5/4/2004, Thomas Lauret wrote:
>OK perhaps someone here can help me.
>I want to get snort to run a bash script with the
>originating ip address of an event as a variable.
>I want that as an output instead of it being logged,
>just run a script, with the attacking ip address as a
>How do I do it ?
The overhead of executing a bash script would crush snort's performance,
leading to loss of large numbers of packets, and results in possible missed
attacks and render your snort system largely useless as attackers could
evade it with great ease.
Fundamentally, what is it that you're trying to accomplish? Perhaps there's
a different way.
Normally you'd want to Log the packets, and have a logwatcher call your
bash script when events of interest happen.
More information about the Snort-users