[Snort-users] Email

Horton, Nicholas A - Merrifield, VA - Contractor nicholas.a.horton at ...15788...
Wed Aug 29 16:57:08 EDT 2012

Makes sense and honestly now that I think about it I probably won't want the remote snortbox to send an email plus the log file is in unified2 format.

I have several snortboxes talking to a central location and I have Snorby up and running on a central server so I probably just need Snorby to somehow send me an alert based on an event into the database.

Right now Snorby sends past reports but I'm also looking for a feature where the notifications can be more immediate.

I started to think about the snortbox doing this immediate notification in email but it is already notifying by entering into the central mysql db.  I just need this central db box running Snorby to kick off an email given a specific gid or sid.

If Snorby isn't it for immediate or specific gid notifications i just need to find that add-on that can do it.

Thanks again Joel,

From: Joel Esler [jesler at ...1935...]
Sent: Wednesday, August 29, 2012 4:06 PM
To: Nicholas Horton
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Email

On Aug 29, 2012, at 3:45 PM, Nicholas Horton <fivetenets at ...14399...<mailto:fivetenets at ...14399...>> wrote:

Is snort capable of sending emails based off of alerts or is that something that should be handled by an add-on like swatch?

If snort is capable where is the config for sending emails?

It's definitely an add-on.  Snort does not contain this native capability.  Snort is an IDS, not an email generation program. :)

More information about the Snort-users mailing list