[Snort-users] execute external program
mkettler at ...4108...
Wed Oct 12 12:04:20 EDT 2005
Gaston Martres wrote:
> I was wondering if is possible to execute an external program when a
> event or alert in snort is triggered.
> I was looking on google, but, or I have searched in a wrong way or this
> is not possible.
It is not possible. See the FAQ on getting snort to email you.
Executing a process directly from snort is so expensive it would bog snort down
and cause it to miss a very substantial number of packets.
In general a better way is to use swatch or logsurfer to monitor the snort logs
and trigger processes. This is a little less "real-time", but it should happen
within a hundred milliseconds or so.
More information about the Snort-users