[Snort-users] Snort and real-time alerting

Jeronimo L. Cabral jelocabral at ...11827...
Wed May 23 10:51:50 EDT 2012


Something else: suppose I use logsurfer/swatch/logwatch to alert in
real time on the Snort events. Actually I have nearly 5 events per minute.

What are the criteria to take just a small number of critical Snort
events? Because I have 20.000 signatures...

On Wed, May 23, 2012 at 11:40 AM, Jeronimo L. Cabral
<jelocabral at ...11827...> wrote:
> What about Swatch? Is it more appropriate?
>
> On Wed, May 23, 2012 at 11:13 AM, Lay, James <james.lay at ...15009...> wrote:
>>> -----Original Message-----
>>> From: Jeronimo L. Cabral [mailto:jelocabral at ...11827...]
>>> Sent: Wednesday, May 23, 2012 8:10 AM
>>> To: snort-users at lists.sourceforge.net
>>> Subject: [Snort-users] Snort and real-time alerting
>>>
>>> Dear, I have a Snort 2.9 with BASE running OK, but I need a real-time
>>> alerting mechanism via email if possible.
>>>
>>> How can I do that? Any extra module to use in that way?
>>>
>>> Special thanks
>>>
>>> JeLo
>>
>> Log to fast alert then use wots/logsurfer/logwatch to tail/watch the
>> file and email out.  Assuming linux/BSD/OSX.
>>
>> James
>>
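
The approach suggested in the thread above (log in fast alert format, watch the file, email out), as an added example that is not part of the original messages. Selecting on the alert's priority field and sending only one mail per signature and source host is an assumed criterion, not one given in the thread; the function names are hypothetical and the sample alert lines, SIDs and addresses are constructed.

```python
import re
from email.message import EmailMessage

# ts [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: n] {PROTO} src -> dst
FAST_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+\{(?P<proto>[^}]+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$")

def parse_fast(line):
    """Parse one fast-alert line into a dict; None if it does not match."""
    m = FAST_RE.match(line.strip())
    if m is None:
        return None
    return {**m.groupdict(), "prio": int(m["prio"])}

def select_critical(lines, max_priority=1, per_key_limit=1):
    """Keep alerts with priority <= max_priority (1 is the most severe)."""
    counts, kept = {}, []
    for line in lines:
        alert = parse_fast(line)
        if alert is None or alert["prio"] > max_priority:
            continue
        # De-duplicate per (sid, source host) so one noisy host sends one mail.
        key = (alert["sid"], alert["src"].rsplit(":", 1)[0])  # drop IPv4 port
        counts[key] = counts.get(key, 0) + 1
        if counts[key] <= per_key_limit:
            kept.append(alert)
    return kept

def build_email(alerts, sender, rcpt):
    """Build the notification; alert text goes in the body only, never in headers."""
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    msg["Subject"] = f"Snort: {len(alerts)} priority alert(s)"
    msg.set_content("\n".join(
        f"{a['ts']} [{a['gid']}:{a['sid']}:{a['rev']}] {a['msg']} {a['src']} -> {a['dst']}"
        for a in alerts))
    return msg

# Constructed sample lines (SIDs, messages and addresses are made up).
SAMPLE = [
    "05/23-10:51:50.100000  [**] [1:1000001:1] CONSTRUCTED rule A [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:4321 -> 198.51.100.5:80",
    "05/23-10:51:51.200000  [**] [1:1000001:1] CONSTRUCTED rule A [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.10:4322 -> 198.51.100.5:80",
    "05/23-10:51:52.300000  [**] [1:1000002:1] CONSTRUCTED rule B [**] [Classification: Misc activity] [Priority: 3] {ICMP} 192.0.2.11 -> 198.51.100.5",
    "05/23-10:51:53.400000  [**] [1:1000001:1] CONSTRUCTED rule A [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 192.0.2.12:5555 -> 198.51.100.5:80",
]
```

The message returned by `build_email` can be handed to `smtplib.SMTP.send_message`, with the input lines coming from whatever tails the alert file.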



