focus-ids IDS mailing list archives

RE: Snort & email
From: Omar Herrera <oherrera () prodigy net mx>
Date: Sat, 07 May 2005 09:08:32 -0500

Hi Dan,

You can make snort log to both syslog and a MySQL database. Syslog alerts
can be emailed and they will be wiped out eventually, when logs are rotated,
so no overhead there.

I'm not sure how much this affects performance, but have tested it this way
and have not noticed a significant degradation.

Regards,
Omar Herrera

-----Original Message-----
From: Dan S Baxter [mailto:Dan.Baxter () ipaper com]

I'm setting up a Snort sensor in our environment and I am unable to
determine how I might get emailed on alerts.  I understand some are using
Swatch, but we are not logging to syslogs but rather to a mysql db.  What
are others doing in this case?

If I can't get it to alert me, it doesn't do me as much good, as I do not
have the time to watch it 24/7.
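
An added example, not part of the original messages, of the syslog side of the setup described in the reply: it parses Snort alert lines out of a syslog file and builds a single digest e-mail for the most severe ones. The log layout (the usual Snort 2.x `alert_syslog` format), the sample lines, the addresses and the priority threshold are all assumptions.

```python
import re
from collections import Counter
from email.message import EmailMessage

# Constructed sample lines, assuming the usual Snort 2.x alert_syslog layout.
SAMPLE_LOG = """\
May  7 09:01:12 sensor1 snort[2211]: [1:1000001:1] LOCAL example ping sweep [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.10 -> 198.51.100.5
May  7 09:02:03 sensor1 sshd[901]: Accepted publickey for ops from 198.51.100.20 port 50122 ssh2
May  7 09:02:15 sensor1 snort[2211]: [1:1000002:3] LOCAL example shellcode match [Classification: Executable code was detected] [Priority: 1]: {TCP} 192.0.2.77:4431 -> 198.51.100.9:80
May  7 09:02:16 sensor1 snort[2211]: [1:1000002:3] LOCAL example shellcode match [Priority: 1]: {TCP} 192.0.2.77:4432 -> 198.51.100.9:80
"""

ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] (?P<msg>.*?)"
    r"(?: \[Classification: (?P<cls>[^\]]*)\])? \[Priority: (?P<prio>\d+)\]:?"
    r"(?: \{(?P<proto>[^}]+)\})? (?P<src>\S+) -> (?P<dst>\S+)")

def parse_alerts(text):
    """Return one dict per Snort alert line; other syslog lines are skipped."""
    alerts = []
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            alerts.append(alert)
    return alerts

def build_digest(alerts, max_prio=1, sender="snort@sensor.example",
                 rcpt="ids-admin@example.org"):
    """Build one mail for alerts with priority <= max_prio (1 = most severe)."""
    hits = [a for a in alerts if a["prio"] <= max_prio]
    if not hits:
        return None  # nothing urgent: send no mail
    per_sig = Counter((a["sid"], a["msg"]) for a in hits)
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, rcpt
    # Subject carries counts only; alert text stays in the body.
    msg["Subject"] = f"Snort: {len(hits)} alert(s), {len(per_sig)} signature(s)"
    lines = []
    for (sid, text), n in per_sig.most_common():
        sources = sorted({a["src"].split(":")[0] for a in hits if a["sid"] == sid})
        lines.append(f"sid {sid} x{n}: {text} (from {', '.join(sources)})")
    msg.set_content("\n".join(lines) + "\n")
    return msg

if __name__ == "__main__":
    print(build_digest(parse_alerts(SAMPLE_LOG)))
```

The returned `EmailMessage` can be handed to `smtplib.SMTP.send_message`; grouping by signature keeps a noisy rule from producing one mail per packet.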




