Snort.org home  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Downloads Snort Docs Rules Snort Community Snort Forums Snort Training
Search Site
Search Rules
Account
email
password
not registered?
user preferences

Snort Forums Archive

Archive Home » Third Party Tools » Real Time E-Mail Alerts for Windows

Please note that the categories listed below represent an archived version of our forums pages. To view the current version and be able to post and reply to threads, please register and login here to go to the full forums pages.

[ Notice: Full Version of This Topic ]

Real Time E-Mail Alerts for Windows


Posted by Rainlander on August 02, 2005 19:02:52

I have successfully installed & configured Snort 2.3.3 on windows XP & 2000. Real time monitoring is done with SAM. But I still don't have any email alerts facility. I have also tried Swatch installation on windows. It installed successfully & I ran the following command

e:\snort\swatch:> "swatch -c swatch.conf -t e:\snort\log\alert.ids"

My swatch.conf file which I created is in swatch directory & I am wanting it to monitor my snort log file. I have not configured syslog as output.
But it gives me following error

swatch: cannot find "tail" program in PATH

The path is correct. Could someone help me solve this problem?? Is there any other alternative to swatch as real time email alert mechanism.

Posted by Joel_Esler on August 28, 2005 06:40:44

You may want to look into something like OpenAanval, Sguil, or perhaps one of SOURCEfire's commerical
products.

Joel Esler
SOURCEfire

Posted by Rainlander on November 03, 2005 09:57:14

Hi Joel,
Actually I did post one solution for this. Successful in this using PERL script called SnortNotify. It requires Sendmail for Windows which is provided by Indigostar. What the script would do is directly fetch the data from the MySQL database and mail the alerts using sendmail. For connecting Perl to MySQL we require DBD, DBI modules to be installed. Thats it!!

Posted by achva on March 21, 2006 20:37:47

hello Rainlander!
i saw that you have installed sucefully a SAM
i have a problem , i see all events on SAM but on the graph pages nothing happens
Can you help me,what's the problem???
my email: achva123@gmail.com
i have mysql
iis+base console+snort everthing work but graphs not :(
thanks
site feedback | Terms of Use | Privacy Policy | forum archives ©2007 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.