[Snort-users] execute external program

Jeff Kell jeff-kell at ...6282...
Wed Oct 12 11:14:14 EDT 2005


Gaston Martres wrote:

> I was wondering if is possible to execute an external program when a 
> event or alert in snort is triggered.

Look into snortsam (http://snortsam.net).  This lets alerts be forwarded to snortsam, which in turn can invoke a number of plugins, primarily to automate firewall configuration in response to alerts.  There is no generic plugin [yet] to invoke an external, but if you grab the source you can tweak some of the plugins to do just that (the Tracker SMTP plugin, for one, invokes an external script, I've tweaked it to do this).

Jeff





More information about the Snort-users mailing list