[Snort-users] Snort + email alerts

Denis Morejon Lopez denis at ...13847...
Thu Jun 15 08:12:48 EDT 2006


Oh...Thank you, I will try it immediately!

----- Original Message ----- 
From: "Daniel Cid" <danielcid at ...6873...>
To: "Denis Morejon Lopez" <denis at ...13847...>; 
<Snort-users at lists.sourceforge.net>
Sent: Wednesday, June 14, 2006 11:29 PM
Subject: Re: [Snort-users] Snort + email alerts


> In addition to using swatch, you can try ossec to
> generate e-mails/active responses based on your snort
> logs. It is much more powerful than swatch (or
> guardian) because it allows you to alert based on:
>
> -Single IDS events.
> -Multiple IDS events for same source ip in a specific
> timeframe.
> -Multiple IDS events for same snort ID in a specific
> time.
> -Only for the first time a Snort ID is seen.
> -Only for the first time a Snort ID/IP combo
> is seen.
> -Only on specific categories.
> -Only on specific priorities (or any other option
> you want).
> -You can ignore specific IPs/Snort IDS.
> -You can specify maximum number of alerts per hour,
> and if this number is reached, it will send all the
> alerts in just one e-mail.
> -You can ignore automatically rules that alert too
> often.
>
> Oh, ossec also analyzes a lot of other log formats,
> being easy to integrate with other applications.
>
> *Don't take my word for it, because I'm an ossec
> developer, but you should give it a try. Installation
> is pretty easy too.
>
> Last version:
> http://www.ossec.net/files/ossec-hids-0.8-3.tar.gz
>
> Website:
> http://www.ossec.net
>
>
> Thanks,
>
> --
> Daniel B. Cid
> dcid @ ( at ) ossec.net
>
> --- Denis Morejon Lopez <denis at ...13847...>
> wrote:
>
>> I was trying to install the swatch rpm to parse the
>> snort logs and send it
>> as email alerts. But I fell into a loop because two
>> rpm packages depended on
>> each other.
>> What should I do in this case?
>>
>> Regards
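
Added example, not part of the thread and not ossec's own code: a sketch of three of the alerting policies listed in the quoted reply (first time a Snort ID/IP combo is seen, multiple events from the same source IP in a timeframe, ignoring specific IPs), applied to Snort "fast" alert lines. The function names, thresholds, SIDs and addresses are assumptions made up for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Layout of a Snort "fast" alert line (timestamp has no year by default).
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d)\.\d+\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+.*?\s+\[\*\*\].*?"
    r"\[Priority: (?P<prio>\d+)\].*?\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->"
)

def correlate(lines, window=timedelta(seconds=60), threshold=3,
              max_priority=3, ignore_ips=frozenset(), year=2006):
    """Return (reason, src_ip, sid) notifications for a stream of alerts."""
    seen = set()                 # (sid, src) combos already reported once
    recent = defaultdict(deque)  # src -> alert times still inside the window
    out = []
    for line in lines:
        m = ALERT_RE.match(line)
        if not m or m["src"] in ignore_ips or int(m["prio"]) > max_priority:
            continue             # unparsable, ignored source, or low priority
        ts = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S")
        sid, src = int(m["sid"]), m["src"]
        if (sid, src) not in seen:          # first time this SID/IP combo
            seen.add((sid, src))
            out.append(("first_seen", src, sid))
        q = recent[src]
        q.append(ts)
        while ts - q[0] > window:           # drop events older than window
            q.popleft()
        if len(q) >= threshold:             # several events, same source IP
            out.append(("burst", src, sid))
            q.clear()                       # report each burst only once
    return out

def sample_line(ts, sid, prio, src):
    # Constructed alert line; SIDs, message and addresses are made up.
    return (f"{ts}.000000  [**] [1:{sid}:1] EXAMPLE rule [**] "
            f"[Classification: Misc activity] [Priority: {prio}] "
            f"{{TCP}} {src}:40000 -> 198.51.100.5:80")

SAMPLE = [
    sample_line("06/14-23:29:01", 1000001, 2, "192.0.2.10"),
    sample_line("06/14-23:29:10", 1000001, 2, "192.0.2.10"),
    sample_line("06/14-23:29:20", 1000002, 2, "192.0.2.10"),
    sample_line("06/14-23:29:30", 1000001, 2, "192.0.2.77"),
    sample_line("06/14-23:35:00", 1000001, 2, "192.0.2.10"),
]

if __name__ == "__main__":
    for note in correlate(SAMPLE, ignore_ips={"192.0.2.77"}):
        print(note)
```

Each returned tuple is one notification that would be mailed; repeated alerts for an already-seen SID/IP pair produce nothing until the per-source threshold is reached.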




