[Snort-users] Snort and real-time alerting
Jeronimo L. Cabral
jelocabral at ...11827...
Tue May 29 11:11:52 EDT 2012
Dear, I have Snort 22.214.171.124 logging to a MySQL database, but also I see
I have some pcap snort files under /var/log/snort as follows:
Why are these files created ???
And taking into account I'm logging all Snort events in MySQL DB, how
can I alert some defined events in real-time by email ???
Thanks a lot
On Mon, May 28, 2012 at 3:40 PM, waldo kitty <wkitty42 at ...14940...> wrote:
> On 5/28/2012 12:14, Jeronimo L. Cabral wrote:
>> Coming back to real-time monitoring of Snort, my Snort generates a lot
>> of snort log files under /var/log/snort, they have different names.
>> What can I do to monitor Snort if the file name changes ???
> what logging type are you using? if those files are what i think they are,
> they are actually pcap files and you have an alert file as well... if they
> are pcap files only, then you can keep them for some random X time and then
> delete them unless you have something else (reporting tools) that might use
> them if you go back into history...
> mine are named like "snort.log.1279385047" and they range in size due to the
> traffic captured for alerts between snort restarts...
> so, what are you trying to use to monitor snort via those files??