[Snort-users] Re: problem with Swatch
prabu333 at ...8908...
Wed Mar 9 20:02:10 EST 2005
> #swatch -c /etc/swatchrc -t /var/log/snort/alert
> ###Snort Alerts
> # Watch for entries containing the word 'Priority' in the snort alert file.
> # Display it in green on the screen
> # Mail alert to alerts at ...13154... with subject of the email
> # being "--Snort IDS Alert--"
> # log in file /var/log/IDS-scan
> watchfor /Priority/
> echo green
> mail addresses=coldness85\@hotmail.com ,subject=--Snort Alerts--
> exec echo $0 >> /var/log/IDS-scans
Looking at your swatchrc file, it seems the line "/hotmail" is the problem.
Here you are looking for the keyword "Priority" in the alert file, right? Then
why have you given /hotmail? Is there any valid reason for it? Try again after
removing that line.
Also, I have sent the swatch_snort setup manual along with this mail.
Hope it is useful.
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 99278 bytes
Desc: not available