Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort-Swatch

From: Erek Adams <erek () snort org>
Date: Fri, 19 Sep 2003 21:45:24 -0400 (EDT)
On Fri, 19 Sep 2003, Keaton, Lindamaria wrote:


Is anyone using swatch to email alerts?

If so, can someone tell me how to configure swatch to send entire
content of an alert. Right now I'm getting alerts send but this is all
I'm getting in the body of the email.

TCP TTL:64 TOS:0x0 ID:33690 IpLen:20 DgmLen:1500 DF.

I would like to see source, destination, time, and what the actually
alert is. Anyone have any ideas?


Yep.  RTFF, or otherwise known as "Read the Fine FAQ".

        #5.9  How do I get Snort to email me alerts.

That's got a link to:

        http://www.theadamsfamily.net/~erek/snort/snort-swatch.txt

It's amazing what we hide in there isn't it?  ;-)

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: