[Snort-users] Snort + email alerts
Denis Morejon Lopez
denis at ...13847...
Thu Jun 15 08:12:48 EDT 2006
Oh...Thank you, I will try it immediately!
----- Original Message -----
From: "Daniel Cid" <danielcid at ...6873...>
To: "Denis Morejon Lopez" <denis at ...13847...>;
<Snort-users at lists.sourceforge.net>
Sent: Wednesday, June 14, 2006 11:29 PM
Subject: Re: [Snort-users] Snort + email alerts
> In addition to using swatch, you can try ossec to
> generate e-mails/active responses based on your snort
> logs. It is much more powerful than swatch (or
> guardian) because it allows you to alert based on:
> -Single IDS events.
> -Multiple IDS events for same source ip in a specific
> -Multiple IDS events for same snort ID in a specific
> -Only for the first time a Snort ID is seen.
> -Only for the first time a Snort ID/IP combo
> is seen.
> -Only on specific categories.
> -Only on specific priorities (or any other option
> you want).
> -You can ignore specific IPs/Snort IDS.
> -You can specify maximum number of alerts per hour,
> and if this number is reached, it will send all the
> alerts in just one e-mail.
> -You can ignore automatically rules that alert too
> Oh, ossec also analyzes a lot of other log formats,
> being easy to integrate with other applications.
> *Don't take my word for it, because I'm an ossec
> developer, but you should give it a try. Installation
> is pretty easy too.
> Last version:
> Daniel B. Cid
> dcid @ ( at ) ossec.net
> --- Denis Morejon Lopez <denis at ...13847...>
>> I was trying to install the swatch rpm to parse the
>> snort logs and send it
>> as email alerts. But I fell into a loop because two
>> rpm packages depended
>> on each other.
>> What should I do in this case?
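The kind of correlation listed in the quoted reply (first sighting of a Snort ID, several events from one source IP inside a time window, priority and ignore filters), as an added example that is not part of the original thread and is not ossec's code or configuration. It assumes Snort's fast alert format; the function names, default thresholds, the year argument and the sample lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Snort "fast" alert: time [**] [gid:sid:rev] msg [**] ... [Priority: n] {proto} src -> dst
FAST = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[\d+:(?P<sid>\d+):\d+\]\s+.*?\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s+\{\w+\}\s+"
    r"(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)?\s+->")

def parse(line, year=2006):
    """Return (time, sid, priority, src_ip), or None if the line is not an alert."""
    m = FAST.match(line)
    if not m:
        return None
    # Fast alerts carry no year, so the caller supplies one (assumption).
    t = datetime.strptime(f"{year}/{m['ts']}", "%Y/%m/%d-%H:%M:%S.%f")
    return t, int(m["sid"]), int(m["prio"]), m["src"]

def correlate(lines, window=60, threshold=3, max_prio=2, ignore=()):
    """Return (reason, sid, src) notifications; lines must be in time order."""
    seen_sids, recent, out = set(), defaultdict(deque), []
    for t, sid, prio, src in filter(None, map(parse, lines)):
        # Snort priority 1 is the most severe; larger numbers are dropped.
        if src in ignore or prio > max_prio:
            continue
        if sid not in seen_sids:            # first time this Snort ID is seen
            seen_sids.add(sid)
            out.append(("first_sid", sid, src))
        q = recent[src]
        q.append(t)
        while (t - q[0]).total_seconds() > window:
            q.popleft()                     # forget events outside the window
        if len(q) >= threshold:             # many events from one source IP
            out.append(("repeat_src", sid, src))
            q.clear()                       # start counting again
    return out

# Constructed sample input (documentation address ranges, made-up SIDs).
_L = "06/14-23:{} [**] [1:{}:1] CONSTRUCTED rule [**] [Classification: Misc activity] [Priority: {}] {{TCP}} {}:4321 -> 198.51.100.5:80"
SAMPLE = [
    _L.format("29:01.000000", 1000001, 2, "192.0.2.10"),
    _L.format("29:10.000000", 1000001, 2, "192.0.2.10"),
    _L.format("29:20.000000", 1000002, 1, "192.0.2.10"),
    _L.format("29:30.000000", 1000003, 3, "192.0.2.20"),
    _L.format("31:00.000000", 1000001, 2, "192.0.2.30"),
    "not an alert line",
]
```

Calling `correlate(SAMPLE)` yields three notifications for six input lines; each tuple is what a mailer would turn into one message.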