Snort mailing list archives
RE: Snort, Windows 2000 - running external program on alert.
From: "Don" <Don () WeberOnTheWeb com>
Date: Fri, 20 Dec 2002 11:22:01 -0800
I'm trying to do something similar: I would like to tail the syslog file looking for specific keywords and cause an action based on the findings. Do you know of a prog that can do the likes of the tail -f *nix command in a win32 environment? For instance, I have a nix .pl file that looks for certain messages and can modify ipf to block offending IPs, yet I haven't found a way to do this on win32 yet. I haven't found anything that can tail the syslog and look for 'keywords'; the perl file-tail doesn't work in the win32 version of perl, it requires a specific module that has not been ported to win32. Any other ideas that anyone might have?

Don
-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Hicks, John
Sent: Friday, December 20, 2002 9:57 AM
To: 'Brian Strickland'; Snort Users (E-mail)
Subject: RE: [Snort-users] Snort, Windows 2000 - running external program on alert.

IDSCenter has built-in email functionality, but not 'any' program. If you're looking for run x if y is found, try doing it via syslog output.

hth,
John

-----Original Message-----
From: Brian Strickland [mailto:brians () south-com com]
Sent: Friday, December 20, 2002 12:35 PM
To: 'snort-users () lists sourceforge net'
Subject: [Snort-users] Snort, Windows 2000 - running external program on alert.

Is there a way directly from snort to run an external program when an alert is generated, or indirectly (reviewing log file or sql database) to run an external program when an alert occurs? Like send an email, pager program, etc.

Brian Strickland

-------------------------------------------------------
This SF.NET email is sponsored by: The Best Geek Holiday Gifts! Time is running out! Thinkgeek.com has the coolest gifts for your favorite geek. Let your fingers do the typing. Visit Now. T H I N K G E E K . C O M http://www.thinkgeek.com/sf/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
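Added example, not part of the original thread or of Snort: a polling `tail -f` that also works on win32, paired with the keyword check discussed above. The keyword list, the never-block network and the sample alert layout (`{PROTO} src:port -> dst:port`) are assumptions, and the hand-off to a firewall is left as a print.

```python
import ipaddress
import re
import sys
import time

# Assumed values: keywords to react to and networks that must never be blocked.
KEYWORDS = ("WEB-IIS", "SCAN")
NEVER_BLOCK = [ipaddress.ip_network("192.168.1.0/24")]

# Assumed alert layout: the line ends in "{PROTO} src[:port] -> dst[:port]".
SRC_RE = re.compile(r"\{\w+\} (\d{1,3}(?:\.\d{1,3}){3})(?::\d+)? -> ")


def source_to_block(line):
    """Return the source IP of a keyword-matching alert line, else None."""
    if not any(k in line for k in KEYWORDS):
        return None
    m = SRC_RE.search(line)
    if not m:
        return None
    try:
        ip = ipaddress.ip_address(m.group(1))
    except ValueError:  # malformed address such as 999.1.1.1
        return None
    if any(ip in net for net in NEVER_BLOCK):
        return None  # source addresses can be spoofed; never block our own
    return str(ip)


def follow(path, poll=1.0, from_start=False):
    """Yield complete lines appended to path (a polling tail -f)."""
    buf = ""
    with open(path, "r", errors="replace") as fh:
        if not from_start:
            fh.seek(0, 2)  # jump to end of file
        while True:
            chunk = fh.readline()
            if not chunk:
                time.sleep(poll)  # nothing new yet
                continue
            buf += chunk
            if buf.endswith("\n"):  # emit only once the writer finished the line
                yield buf.rstrip("\r\n")
                buf = ""


if __name__ == "__main__":
    for entry in follow(sys.argv[1]):
        ip = source_to_block(entry)
        if ip:
            print("candidate for blocking:", ip)  # hand off to the firewall here
```

The follower does not detect log rotation or truncation; restart it when the syslog file is rotated.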
Current thread:
- RE: Snort, Windows 2000 - running external program on alert. Hicks, John (Dec 20)
- Re: Snort, Windows 2000 - running external program on alert. Ueli Kistler (Dec 20)
- RE: Snort, Windows 2000 - running external program on alert. Don (Dec 20)
- <Possible follow-ups>
- RE: Snort, Windows 2000 - running external program on alert. Hicks, John (Dec 20)
- RE: Snort, Windows 2000 - running external program on alert. Sylar, John (Dec 20)
- RE: Snort, Windows 2000 - running external program on alert. Tom Sevy (Dec 20)
