Snort mailing list archives
RE: Alerting and Reporting tools
From: "Scott, Joshua" <Joshua.Scott () Jacobs com>
Date: Tue, 26 Nov 2002 18:21:42 -0800
Sorry folks, let me clarify what I'm looking for.

I'm running a master IDS console with ACID/MYSQL. I'm looking for a way to have email alerts automatically generated based on certain signatures being inserted into the database. I know I can do this if I log via syslog, but that's not what I'm looking for.

Currently we use Demarc for our product IDS. I'm testing our ACID/Snortcenter as a possible alternative. I prefer the Snortcenter way of managing rules, but I prefer the Demarc way for just about everything else. If anyone has migrated from either Demarc to ACID or vice-versa, I'd like to hear any comments you have.

Thank you,

Joshua Scott
Security Systems Analyst, CISSP
626-568-7024

-----Original Message-----
From: Scott Nursten [mailto:scottn () s2s ltd uk]
Sent: Tuesday, November 26, 2002 3:53 AM
To: Scott, Joshua; snort-users () lists sourceforge net
Subject: Re: [Snort-users] Alerting and Reporting tools

Hi Josh,

Use ACID - http://www.cert.org/kb/aircert/ - it has a really handy "Email alerts" function which you can use to mail alerts based on any criteria (signature type, timestamps, classification, ip links etc etc) - so, basically, it's VERYKEWL :)

HTH,

Regards,

Scott Nursten

On 11/25/02 9:25 PM, "Scott, Joshua" <Joshua.Scott () Jacobs com> wrote:
I'm looking for a way to send email alerts on certain Snort alerts in a MySQL database. I don't have local Snort alert files on the sensors so I need to be able to report on alerts in the database. The sensors are appliance type boxes with very limited disk space.

Any assistance you can provide on this is greatly appreciated.

Thank you,

Joshua Scott
Security Systems Analyst, CISSP
626-568-7024

==============================================================================
NOTICE - This communication may contain confidential and privileged information that is for the sole use of the intended recipient. Any viewing, copying or distribution of, or reliance on this message by unintended recipients is strictly prohibited. If you have received this message in error, please notify us immediately by replying to the message and deleting it from your computer.
==============================================================================
