[Snort-users] Snort and real-time alerting

Jeronimo L. Cabral jelocabral at ...11827...
Tue May 29 11:11:52 EDT 2012


Dear, I have Snort 2.9.2.1 logging to a MySQL database, but I also see
I have some pcap snort files under /var/log/snort as follows:

snort.log.1331564728

What are these files created for ???

And taking into account that I'm logging all Snort events in a MySQL DB, how
can I alert on some defined events in real time by email ???

Thanks a lot

On Mon, May 28, 2012 at 3:40 PM, waldo kitty <wkitty42 at ...14940...> wrote:
> On 5/28/2012 12:14, Jeronimo L. Cabral wrote:
>>
>> Coming back to real-time monitoring of Snort, my Snort generates a lot
>> of snort log files under /var/log/snort, they have different names.
>>
>> What can I do to monitor Snort if the file name changes ???
>
>
> what logging type are you using? if those files are what i think they are,
> they are actually pcap files and you have an alert file as well... if they
> are pcap files only, then you can keep them for some random X time and then
> delete them unless you have something else (reporting tools) that might use
> them if you go back into history...
>
> mine are named like "snort.log.1279385047" and they range in size due to the
> traffic captured for alerts between snort restarts...
>
> so, what are you trying to use to monitor snort via those files??
>
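One way to get real-time email for selected events without polling the database, as an added example that is not part of this thread: a small Python watcher that follows the fast-format alert file mentioned in the reply (assumed to be written by `output alert_fast` to /var/log/snort/alert), parses each line and mails only the generator/signature IDs on a watch list. The watched SIDs, the SMTP host and the addresses are placeholders, and the sample alert line in the comment is constructed.

```python
import re
import smtplib
import time
from email.message import EmailMessage

# Constructed sample of a Snort fast-format alert line (output alert_fast):
# 05/29-11:11:52.123456  [**] [1:2000001:1] Sample rule fired [**] [Classification: Misc activity] [Priority: 3] {TCP} 10.0.0.5:4444 -> 10.0.0.9:80
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
    r"(?:\s+\[Classification:[^\]]*\])?(?:\s+\[Priority:\s+(?P<prio>\d+)\])?"
    r"(?:\s+\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+))?"
)

# Placeholder watch list: (gid, sid) pairs that should be mailed immediately.
WATCHED = {(1, 2000001), (1, 1000010)}
def parse_alert(line):
    """Return the alert's fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("gid", "sid", "rev", "prio"):
        d[k] = int(d[k]) if d[k] is not None else None
    return d

def should_notify(alert, watched=WATCHED):
    # True when the alert's generator/signature ID is on the watch list.
    return alert is not None and (alert["gid"], alert["sid"]) in watched

def build_mail(alert, sender="snort@example.invalid", to="soc@example.invalid"):
    """Build the notification message (addresses are placeholders)."""
    msg = EmailMessage()
    msg["Subject"] = f"[snort] {alert['gid']}:{alert['sid']} {alert['msg']}"
    msg["From"], msg["To"] = sender, to
    msg.set_content(f"{alert['ts']} {alert['proto']} {alert['src']} -> {alert['dst']} priority={alert['prio']}\n")
    return msg

def follow(path, smtp_host="localhost"):
    """Tail the alert file like `tail -f` and mail each watched alert as it is appended."""
    with open(path) as f:
        f.seek(0, 2)  # start at end of file: new alerts only, not the backlog
        while True:
            line = f.readline()
            if not line:
                time.sleep(0.5)
                continue
            alert = parse_alert(line)
            if should_notify(alert):
                with smtplib.SMTP(smtp_host) as s:
                    s.send_message(build_mail(alert))
```

Run it as `follow("/var/log/snort/alert")` next to Snort; if Snort rotates the alert file on restart, restart the watcher too, since it holds the old file descriptor.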
