[Snort-users] Re: problem with Swatch

Senthil Prabu.S prabu333 at ...8908...
Wed Mar 9 20:02:10 EST 2005


>  #swatch -c /etc/swatchrc -t /var/log/snort/alert
>  #
>  ###Snort Alerts
>  # Watch for entries containing the word 'Priority' in the snort alert file.
>  # Display it in green on the screen
>  # Mail alert to alerts at ...13154... with subject of the email
>
>  # being "--Snort IDS Alert--"
>  #
>  # log in file /var/log/IDS-scan
>
>
>  watchfor /Priority/
>  /hotmail
>  echo green
>  mail addresses=coldness85\@hotmail.com ,subject=--Snort Alerts--
>  exec echo $0 >> /var/log/IDS-scans

Looking at your swatchrc file, it seems the line "/hotmail" is the problem.
Here you are looking for the keyword "Priority" in the alert file, right? Then
why have you given /hotmail? Is there any valid reason for it? Try again after
removing that line.

Also, I have sent the swatch_snort setup manual along with this mail.

Hope it is useful.

--
Senthil Prabu.S 
-------------- next part --------------
A non-text attachment was scrubbed...
Name: swatch_configuration.pdf
Type: application/pdf
Size: 99278 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20050309/b611d400/attachment.pdf>
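
Added example, not part of the original message or of swatch itself: a small Python check that flags lines in a swatchrc rule block that are neither a pattern directive nor an action, run here on the quoted configuration. The keyword sets are an assumed subset of the swatch man page, and lint_swatchrc and SAMPLE are hypothetical names.

```python
import re

# Assumption: subset of keywords from the swatch man page, not exhaustive.
PATTERN_DIRECTIVES = {"watchfor", "ignore", "waitfor"}
ACTIONS = {"echo", "bell", "exec", "mail", "pipe", "write",
           "throttle", "threshold", "continue", "quit", "when"}

# Constructed sample: the rule block quoted in the message above.
SAMPLE = r"""
# log in file /var/log/IDS-scan
watchfor /Priority/
/hotmail
echo green
mail addresses=coldness85\@hotmail.com ,subject=--Snort Alerts--
exec echo $0 >> /var/log/IDS-scans
"""

def lint_swatchrc(text):
    """Return (line_number, line, reason) for each line that does not fit a rule block."""
    findings = []
    in_block = False  # True once a watchfor/ignore/waitfor has opened a block
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank lines and comments are fine anywhere
        # First token, split on whitespace or '=' (e.g. "mail addresses=...")
        keyword = re.split(r"[\s=]", line, maxsplit=1)[0]
        if keyword in PATTERN_DIRECTIVES:
            in_block = True
            if not re.search(r"/.+/", line):
                findings.append((num, line, "directive without a /pattern/"))
        elif keyword in ACTIONS:
            if not in_block:
                findings.append((num, line, "action before any watchfor/ignore"))
        else:
            # A bare "/hotmail" lands here: it is neither directive nor action
            findings.append((num, line, "not a swatch directive or action"))
    return findings

if __name__ == "__main__":
    for num, line, reason in lint_swatchrc(SAMPLE):
        print(f"line {num}: {line!r}: {reason}")
```

Running such a check before starting swatch catches a stray line that would otherwise leave Snort alerts unmatched and unmailed.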

