[Snort-users] Process Snort alerts on real time

wkitty42 at ...14940...
Mon Feb 20 21:54:33 EST 2017


On 02/20/2017 06:32 AM, Nora Aron wrote:
> Hi,
> I'm wondering if there is a tool to get Snort alerts on real time. I have
> configured Snort to get unified2 output. Now, when I run Snort it starts writing
> in a new snort.u2.timestamp and create a new one once it has reached the limit.
> It was enough for me until now for testing purposes.
> Now I  would like to run a program for each new alert triggered, but I haven't
> figured out how to get it automatically.

you're looking for barnyard2 to read the U2 file and put the alerts into a 
database... then you would use one of several programs like sguil or squert or 
similar to monitor the database and provide alerts of "interesting" things to 
your phone or pager or whatever... security onion is probably a good place to 
start as it has all that and more wrapped up in an ISO for installation (IIRC)...

NOTE: i am not a security onion user... i just understand that it has much of 
what is desired for INFOSEC OPS...

-- 
  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list* unless
        private contact is specifically requested and granted.
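The original question asks how to run a program for each new alert without waiting for barnyard2 and a database. As an added illustration (not code from the thread, from Snort or from barnyard2), the script below follows a growing unified2 spool file directly: it reads the 8-byte record header (type, length; both big-endian), buffers partial trailing records until Snort finishes writing them, and calls a handler for every UNIFIED2_IDS_EVENT (type 7, the 52-byte IPv4 event struct). The sample bytes are constructed inline; the sid, addresses and timestamps in them are made up. Packet, extra-data and the IPv6/VLAN/MPLS event variants are skipped rather than decoded, and the `follow()` loop assumes a single file (Snort's rotation into a new snort.u2.timestamp file is not handled here).

```python
import os
import socket
import struct
import time
from typing import Callable, Dict, Iterable, Iterator, Tuple

# Unified2 record header: record type and record length, both uint32 big-endian.
_HEADER = struct.Struct("!II")
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7          # IPv4 IDS event (legacy "Unified2IDSEvent_legacy")

# UNIFIED2_IDS_EVENT body: 11 x uint32, 2 x uint16, 4 x uint8 = 52 bytes.
_EVENT = struct.Struct("!11I2H4B")
EVENT_FIELDS = (
    "sensor_id", "event_id", "event_second", "event_microsecond",
    "signature_id", "generator_id", "signature_revision",
    "classification_id", "priority_id", "ip_source", "ip_destination",
    "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked",
)


def ipv4_int(addr: str) -> int:
    return struct.unpack("!I", socket.inet_aton(addr))[0]


def ipv4_str(n: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", n))


class Unified2Reader:
    """Incremental record splitter: feed() bytes as they arrive, records() yields
    every complete (type, body) pair and keeps a partial trailing record buffered."""

    def __init__(self) -> None:
        self._buf = b""

    def feed(self, data: bytes) -> None:
        self._buf += data

    def records(self) -> Iterator[Tuple[int, bytes]]:
        while len(self._buf) >= _HEADER.size:
            rtype, rlen = _HEADER.unpack_from(self._buf)
            end = _HEADER.size + rlen
            if len(self._buf) < end:
                break               # Snort has not finished writing this record yet
            body = self._buf[_HEADER.size:end]
            self._buf = self._buf[end:]
            yield rtype, body


def parse_event(body: bytes) -> Dict[str, int]:
    """Decode a type-7 event body into a dict with dotted-quad addresses."""
    if len(body) < _EVENT.size:
        raise ValueError("truncated UNIFIED2_IDS_EVENT body (%d bytes)" % len(body))
    ev = dict(zip(EVENT_FIELDS, _EVENT.unpack_from(body)))
    ev["ip_source"] = ipv4_str(ev["ip_source"])
    ev["ip_destination"] = ipv4_str(ev["ip_destination"])
    return ev


def handle_events(chunks: Iterable[bytes], handler: Callable[[Dict], None]) -> int:
    """Feed chunks in arrival order; call handler() once per complete IDS event.
    Returns the number of events dispatched. Other record types are skipped."""
    reader = Unified2Reader()
    dispatched = 0
    for chunk in chunks:
        reader.feed(chunk)
        for rtype, body in reader.records():
            if rtype == UNIFIED2_IDS_EVENT:
                handler(parse_event(body))
                dispatched += 1
    return dispatched


def follow(path: str, handler: Callable[[Dict], None], poll_seconds: float = 1.0) -> None:
    """Tail one spool file forever, handing each new event to handler() as it lands."""
    reader = Unified2Reader()
    with open(path, "rb") as fh:
        while True:
            chunk = fh.read()
            if chunk:
                reader.feed(chunk)
                for rtype, body in reader.records():
                    if rtype == UNIFIED2_IDS_EVENT:
                        handler(parse_event(body))
            else:
                time.sleep(poll_seconds)


def build_sample_stream() -> bytes:
    """Constructed sample: one IDS event (sid 1000001, 10.0.0.5:44321 -> 10.0.0.9:22,
    TCP) followed by a placeholder packet record that the dispatcher must skip."""
    event = _EVENT.pack(1, 42, 1487592000, 123456, 1000001, 1, 3, 29, 2,
                        ipv4_int("10.0.0.5"), ipv4_int("10.0.0.9"),
                        44321, 22, 6, 0, 0, 0)
    packet = b"\x00" * 8            # not a real packet body; only its type/length matter here
    return (_HEADER.pack(UNIFIED2_IDS_EVENT, len(event)) + event
            + _HEADER.pack(UNIFIED2_PACKET, len(packet)) + packet)


if __name__ == "__main__":
    def print_alert(ev: Dict) -> None:
        print("sid %d %s:%d -> %s:%d proto %d" % (
            ev["signature_id"], ev["ip_source"], ev["sport_itype"],
            ev["ip_destination"], ev["dport_icode"], ev["protocol"]))

    data = build_sample_stream()
    # Deliver the bytes in two pieces, splitting inside the event record, to show
    # that a half-written record is held back until the rest arrives.
    handle_events([data[:30], data[30:]], print_alert)
```

The split feed in the `__main__` block matters in practice: Snort appends records with separate writes, so a follower that polls the file will regularly see a header whose body has not landed yet, and must keep it buffered rather than failing or skipping it. The handler is where you would launch your per-alert program; keeping the parsing and the launching separate also makes it easy to rate-limit or deduplicate before anything is executed.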