[Snort-users] Snort Event Types

Turnbough, Bradley E. bturnbough at ...15650...
Thu Mar 27 09:13:27 EDT 2014


Is it possible to generate an alert (logged to a unified file) AND also fire a script to do something on the OS of the sensor itself?

I have snort installed and operating properly.  Snort 2.9.5.5.  Snort currently outputs to unified2.

"output unified2: filename snort.u2, limit 128"

Barnyard2 (2.1.9) picks up the .u2 file and processes it.

Barnyard2 config:
output alert_fast: stdout
output database: alert, mysql, user=snort dbname=snorby password=blah host=ipaddresshere

I want to kick off a shell script file to do some things within the sensor when the alert is first generated.  Is this possible?

I'm running daemonlogger to generate pcap files, and want to be able to archive the pcap files when certain traffic triggers an alert.

Thanks,

Brad
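One way to get the "fire a script when the alert is first generated" behaviour described above, as an added example that is not part of the original post and not Snort or Barnyard2 project code: since the Barnyard2 config already has `output alert_fast: stdout`, a small watcher can read that stream, match the alert's generator and signature IDs, and copy the daemonlogger capture files into an archive directory. The alert_fast line layout, the pcap and archive paths, the file-name glob and the SID list are all assumptions; the sample alert lines are constructed.

```python
"""Archive daemonlogger pcaps when selected Snort alerts appear in
Barnyard2's alert_fast output.

Added example for the mailing-list question above, not code from the
post or from the Snort/Barnyard2 projects. Assumes Barnyard2 runs with
'output alert_fast: stdout' and that stdout is piped into this script:

    barnyard2 -c barnyard2.conf -d /var/log/snort -f snort.u2 | python3 archive_on_alert.py

Paths, glob and SIDs below are hypothetical; adjust to the sensor.
"""
import re
import shutil
import sys
import tempfile
from pathlib import Path

# Hypothetical sensor layout (assumption).
PCAP_DIR = Path("/var/log/daemonlogger")
ARCHIVE_DIR = Path("/var/log/daemonlogger/archive")
# daemonlogger names its files <base>.pcap.<timestamp>; match both that
# and plain *.pcap (assumed naming).
PCAP_GLOB = "*.pcap*"

# Only alerts with these (gid, sid) pairs trigger archiving (hypothetical SID).
WATCH_SIDS = {(1, 1000001)}

# Assumed alert_fast layout:
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] MSG [**] [Priority: N] {PROTO} src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]"
)

# Constructed sample lines, not real sensor output.
SAMPLE_ALERT_FAST = [
    "03/27-09:13:27.123456  [**] [1:1000001:1] Constructed test alert [**] "
    "[Priority: 2] {TCP} 10.0.0.5:44321 -> 10.0.0.9:80",
    "03/27-09:13:28.000001  [**] [1:2000002:1] Constructed ignored alert [**] "
    "[Priority: 3] {UDP} 10.0.0.5:53 -> 10.0.0.9:53",
]


def parse_alert_fast(line):
    """Return the alert's fields as a dict, or None if the line is not an alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    return {
        "ts": m.group("ts"),
        "gid": int(m.group("gid")),
        "sid": int(m.group("sid")),
        "rev": int(m.group("rev")),
        "msg": m.group("msg"),
    }


def archive_pcaps(alert, pcap_dir=PCAP_DIR, archive_dir=ARCHIVE_DIR, watch_sids=WATCH_SIDS):
    """Copy every capture file in pcap_dir to archive_dir if the alert is watched.

    Returns the list of newly archived paths (empty when the alert is not of
    interest). Files are copied, not moved, so daemonlogger's own rotation is
    left untouched, and a file already in the archive is not copied again.
    """
    if alert is None or (alert["gid"], alert["sid"]) not in watch_sids:
        return []
    archive_dir = Path(archive_dir)
    archive_dir.mkdir(parents=True, exist_ok=True)
    archived = []
    for pcap in sorted(Path(pcap_dir).glob(PCAP_GLOB)):
        dest = archive_dir / pcap.name
        if pcap.is_file() and not dest.exists():
            shutil.copy2(pcap, dest)
            archived.append(dest)
    return archived


def demo_with_sample():
    """Run the two constructed lines against a throwaway capture directory.

    Returns how many files were archived: only the first sample alert is
    watched, and the directory holds two fake capture files, so 2.
    """
    with tempfile.TemporaryDirectory() as tmp:
        pcap_dir = Path(tmp) / "pcaps"
        pcap_dir.mkdir()
        for name in ("daemonlogger.pcap.1395924807", "daemonlogger.pcap.1395925000"):
            (pcap_dir / name).write_bytes(b"fake pcap bytes")  # constructed content
        archived = []
        for line in SAMPLE_ALERT_FAST:
            archived += archive_pcaps(parse_alert_fast(line), pcap_dir, Path(tmp) / "archive")
        return len(archived)


def main():
    for line in sys.stdin:
        alert = parse_alert_fast(line.rstrip("\n"))
        for path in archive_pcaps(alert):
            print(f"archived {path} for [{alert['gid']}:{alert['sid']}] {alert['msg']}")


if __name__ == "__main__":
    main()
```

Reading the alert_fast stream keeps the hook on the Barnyard2 side, so the sensor's own unified2 logging and the MySQL output in the config above are unaffected; the script only reacts to alerts that Barnyard2 has already recorded.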
