Jason_Haar at ...15306...
Wed Aug 29 20:09:28 EDT 2012
On 30/08/12 11:51, Greg Williams wrote:
> If it were me, I would not do a db search, the database is already
> processing stuff. I would have scripts on all your sensors, monitor
> the alert log, and clean the alert log every 5 minutes when the grep
> is complete. Saves processing power by only searching the last 5
> minutes instead of the entire db.
Wouldn't this be a good output option for barnyard2? I'd love barnyard
to be able to pipe a "snort packet" and metadata at a random program -
so it can for example send an email containing the pcap as an attachment
- or post-process that packet, decide it's an FP and drop the
whole email alert.
Hmmm, I'll bring this up on the barnyard2 list :-)
Information Security Manager, Trimble Navigation Ltd.
Phone: +1 408 481 8171
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1
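The post-processing step both messages describe (pick up only the alerts written since the last pass, then decide per alert whether it is a known false positive before anything gets mailed out) is shown below as an added example. It is not code from the thread, from Snort or from barnyard2. It assumes Snort's one-line `alert_fast` output layout; the suppression policy, the SIDs in the sample lines and the helper names (`parse_fast_alert`, `Suppress`, `triage`) are this example's own, and the sample alert lines are constructed.

```python
"""Post-process Snort alert_fast lines: skip already-seen alerts, drop known
false positives, and hand the rest on for notification (e.g. an e-mail)."""
import ipaddress
import re
from dataclasses import dataclass
from typing import Iterable, List, Optional

# Assumed layout of Snort's alert_fast output, one alert per line:
#   MM/DD-HH:MM:SS.uuuuuu  [**] [gid:sid:rev] msg [**] [Classification: ...]
#   [Priority: n] {PROTO} src[:port] -> dst[:port]
FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}-\d{2}:\d{2}:\d{2}\.\d{6})\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)$"
)


@dataclass
class Alert:
    ts: str          # kept as the zero-padded string Snort wrote (no year in alert_fast)
    gid: int
    sid: int
    msg: str
    priority: int
    proto: str
    src_ip: str
    dst_ip: str
    src_port: Optional[int]   # None for port-less protocols such as ICMP
    dst_port: Optional[int]


def _split_endpoint(endpoint: str):
    # "10.1.2.3:80" -> ("10.1.2.3", 80); "192.168.10.5" -> ("192.168.10.5", None).
    # IPv4 only: an IPv6 literal would need bracket handling.
    host, sep, port = endpoint.rpartition(":")
    if sep and port.isdigit():
        return host, int(port)
    return endpoint, None


def parse_fast_alert(line: str) -> Optional[Alert]:
    """Parse one alert_fast line; return None for lines that are not alerts."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    src_ip, src_port = _split_endpoint(m["src"])
    dst_ip, dst_port = _split_endpoint(m["dst"])
    return Alert(m["ts"], int(m["gid"]), int(m["sid"]), m["msg"], int(m["prio"]),
                 m["proto"], src_ip, dst_ip, src_port, dst_port)


@dataclass
class Suppress:
    """Local false-positive rule, shaped like snort.conf's 'suppress' keyword."""
    gid: int
    sid: int
    track: str                     # "by_src" or "by_dst"
    net: ipaddress.IPv4Network

    def matches(self, a: Alert) -> bool:
        if (a.gid, a.sid) != (self.gid, self.sid):
            return False
        ip = a.src_ip if self.track == "by_src" else a.dst_ip
        return ipaddress.ip_address(ip) in self.net


# Hypothetical site policy for this example.
SUPPRESSIONS = [
    # intranet web server whose pages legitimately contain "uid=0(root)"
    Suppress(1, 498, "by_src", ipaddress.ip_network("10.1.2.3/32")),
    # ICMP pings originating from the management LAN's monitoring hosts
    Suppress(1, 366, "by_src", ipaddress.ip_network("192.168.10.0/24")),
]


def triage(lines: Iterable[str], suppressions=SUPPRESSIONS, since: str = "") -> List[Alert]:
    """Return alerts newer than `since` that no suppression rule drops.

    `since` is an alert_fast timestamp string; because every field is
    zero-padded, plain string comparison orders timestamps correctly within
    one calendar year (alert_fast carries no year, so a rollover needs a reset).
    """
    kept = []
    for line in lines:
        a = parse_fast_alert(line)
        if a is None or a.ts <= since:
            continue
        if any(s.matches(a) for s in suppressions):
            continue
        kept.append(a)
    return kept


# Constructed sample lines (SIDs and messages are illustrative only).
SAMPLE_ALERTS = [
    "08/29-20:09:28.123456  [**] [1:498:6] ATTACK-RESPONSES id check returned root [**] "
    "[Classification: Potentially Bad Traffic] [Priority: 2] {TCP} 10.1.2.3:80 -> 192.168.10.20:51234",
    "08/29-20:10:02.000001  [**] [1:2003:8] MS-SQL Worm propagation attempt [**] "
    "[Classification: Misc Attack] [Priority: 2] {UDP} 10.9.9.9:1434 -> 192.168.10.20:1434",
    "08/29-20:11:15.500000  [**] [1:366:7] ICMP PING *NIX [**] "
    "[Classification: Misc activity] [Priority: 3] {ICMP} 192.168.10.5 -> 192.168.10.20",
    "",   # e.g. a trailing blank line in the log file
]

if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS):
        print(f"would notify: [{a.gid}:{a.sid}] {a.msg} {a.src_ip} -> {a.dst_ip}")
```

Run on the sample lines only the MS-SQL alert survives: the id-check alert is dropped because its source is the whitelisted server, and the ping is dropped because it comes from the management LAN. Passing the last timestamp you have already processed as `since` gives the "only the last few minutes" behaviour from the quoted message without truncating the log file, which also keeps the evidence intact for later forensics.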