Snort mailing list archives

Re: FW: Sending Alert Via E-mail

From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 25 Nov 2001 13:24:20 -0800 (PST)

On Sat, 24 Nov 2001, Fadzly Zainuddin wrote:

I'm connecting my Snort IDS machine together my mail server in the same hub.


Caution:  Not all hubs are hubs.  See FAQ 6.2.1

http://www.snort.org/docs/faq.html#6.21

I just wonder why my IDS could not detect anything when I scan my mail
server port. When I scan IDS machine port , my IDS able to detect. I send a
port scanning request from external PC. Theoretically when I scan my mail
server, my IDS machine should receive a same thing because hub will
broadcast right? Am I correct or I need the specified a special command.
Current my command is

./snort -dev -l ./log -h xxx.xxx.xxx.0/24 -c snort.conf


Now, If that's not your problem, then I would think it's in your snort.conf
settings.

As for emailing alerts:  5.7

http://www.snort.org/docs/faq.html#5.7

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Sending Alert Via E-mail Fadzly Zainuddin (Nov 04)
- Re: Sending Alert Via E-mail Erek Adams (Nov 04)
- Re: Sending Alert Via E-mail Jason Haar (Nov 05)
- <Possible follow-ups>
- RE: Sending Alert Via E-mail Kresna Prawira (Nov 05)
  - Re: Sending Alert Via E-mail niceshorts (Nov 05)
- FW: Sending Alert Via E-mail Fadzly Zainuddin (Nov 23)
  - Re: FW: Sending Alert Via E-mail John Sage (Nov 23)
  - Re: FW: Sending Alert Via E-mail Erek Adams (Nov 25)
- RE: FW: Sending Alert Via E-mail Frank Knobbe (Nov 24)