| Search Site |
| Search Rules |
| Account |
| not registered? |
| can't login? |
| user preferences |
 |
 |
|
|||||||||||||||||||
Next: 5.10 How do I Up: 5 Getting Fancy Previous: 5.8 Snort complains about
5.9 How do I get Snort to e-mail me alerts?
You can't. Such a process would slow Snort down too much to make it of any use. Instead, log to syslog and use swatch or logcheck to parse over the plaintext logfiles.
With the Logsurfer docs, this might get you on the road to doing something with Snort and Logsurfer:
JASON HAAR provided an example Swatch (3.1beta) config that emails alerts:Here are some docs on swatch:
- http://www.oit.ucsb.edu/~eta/swatch/
- http://www.stanford.edu/~atkins/swatch
- http://rr.sans.org/sysadmin/swatch.php
- http://www.enteract.com/ lspitz/swatch.html
- http://www.cert.org/security-improvement/implementations/i042.01.html
IDS Center (see FAQ ![[*]](crossref.png)
) on Win32 will also mail alerts.
| site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved. |