Re: IIS and Snort

From: Johannes B. Ullrich (jullrich@euclidian.com)
Date: 09/21/01


Date: Fri, 21 Sep 2001 12:23:02 -0400 (EDT)
From: "Johannes B. Ullrich" <jullrich@euclidian.com>
To: Ian Macdonald <sec-home@dirk.demon.co.uk>
Subject: Re: IIS and Snort
Message-ID: <Pine.LNX.4.33.0109211222380.10892-100000@johannes.euclidian.com>


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

In addition to logging to the database, you can log to syslog and use a
program like 'swatch' to send email alerts.

On Thu, 20 Sep 2001, Ian Macdonald wrote:

> Does anyone have any suggestions for generating email alerts from a unix box
> running snort which sends data to a mysql database. I wanted to try acid
> which is why I decided to log to a database.
>
> Thanks for your suggestions
>
> Ian
> ----- Original Message -----
> From: "McCammon, Keith" <Keith.McCammon@eadvancemed.com>
> To: "'Brian Carvalho'" <brian.carvalho@verizon.net>;
> <focus-ids@securityfocus.com>
> Cc: <focus-ms@securityfocus.com>
> Sent: Wednesday, September 19, 2001 6:49 PM
> Subject: RE: IIS and Snort
>
>
> > ***Is there any way to send alerts with Snort?
> >
> > Snort generates an alert.ids file where alerts are written. However, you
> > can configure output plug-ins for SQL, syslog, etc. You can pretty much get
> > your alerts any way you want 'em with relatively little effort.
> >
>
>
>

- --
- -------
jullrich@sans.org Join http://www.DShield.org
                                     Distributed Intrusion Detection System

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: For info see http://www.gnupg.org

iD8DBQE7q2lpVOIizK5pIDMRAo7iAKDhpzuDufYBb/pSrp//8VtEvnok6QCg6uIW
kYbMpdndp56DBg2yyfrA8GM=
=2Utv
-----END PGP SIGNATURE-----
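The syslog-to-e-mail path Johannes suggests (Snort -> syslog -> pattern watcher -> mail), as an added example that is not part of the original thread. The snort.conf and swatch fragments in the docstring are reproduced from memory of that era's syntax and should be checked against the installed versions; the Python below re-implements the watcher step (priority filter plus per-signature throttle) so the logic can be run offline against constructed syslog lines. The Snort syslog line format encoded in ALERT_RE, the address ids-alerts@example.com, and the sample alerts are all assumptions.

```python
"""
Added example (not from the original thread): Snort -> syslog -> swatch -> mail.

Configuration fragments for the real tools (from memory; verify against docs):

    # snort.conf: send alerts to syslog, facility LOG_AUTH, level LOG_ALERT
    output alert_syslog: LOG_AUTH LOG_ALERT

    # ~/.swatchrc: mail every syslog line tagged as coming from snort,
    # at most once per five minutes
    watchfor /snort\[\d+\]:/
        mail addresses=ids-alerts@example.com,subject="Snort alert"
        throttle 00:05:00

The code below does the same job as that swatch stanza, with two refinements a
practitioner usually wants: only alerts at or above a priority are mailed, and
repeats of one signature inside the throttle window are suppressed.
"""
import re
from datetime import datetime, timedelta
from email.message import EmailMessage

# Snort's syslog alert line, approximately as alert_syslog wrote it circa 1.8.
# This regex is an assumption about that format; adjust it to your sensor.
ALERT_RE = re.compile(
    r"snort\[(?P<pid>\d+)\]: \[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\] "
    r"(?P<msg>.*?) \[Classification: (?P<cls>[^\]]*)\] \[Priority: (?P<prio>\d+)\]: "
    r"\{(?P<proto>\w+)\} (?P<src>[\d.]+):?(?P<sport>\d+)? -> (?P<dst>[\d.]+):?(?P<dport>\d+)?"
)


def parse_alert(line):
    """Return a dict of fields for a Snort syslog alert line, or None if it is not one."""
    m = ALERT_RE.search(line)
    if not m:
        return None
    fields = m.groupdict()
    fields["prio"] = int(fields["prio"])
    return fields


class AlertMailer:
    """Minimal swatch-style watcher: priority filter plus per-signature throttle."""

    def __init__(self, to_addr, max_priority=2, throttle=timedelta(minutes=5)):
        self.to_addr = to_addr
        self.max_priority = max_priority   # Snort priority 1 is the most severe
        self.throttle = throttle
        self._last_sent = {}               # (gid, sid) -> time of the last mail

    def should_notify(self, alert, now):
        if alert["prio"] > self.max_priority:
            return False
        key = (alert["gid"], alert["sid"])
        last = self._last_sent.get(key)
        if last is not None and now - last < self.throttle:
            return False
        self._last_sent[key] = now
        return True

    def build_mail(self, alert, line):
        """Build the message; in production hand it to smtplib or the local MTA."""
        msg = EmailMessage()
        msg["From"] = "snort@sensor.example.com"
        msg["To"] = self.to_addr
        msg["Subject"] = "Snort alert [P%d]: %s" % (alert["prio"], alert["msg"])
        msg.set_content(line + "\n")
        return msg

    def process(self, lines, now):
        """Feed syslog lines; return the e-mail messages that would be sent."""
        mails = []
        for line in lines:
            alert = parse_alert(line)
            if alert and self.should_notify(alert, now):
                mails.append(self.build_mail(alert, line))
        return mails


# Constructed sample syslog lines (not real traffic): the same priority-1 IIS
# alert twice inside the throttle window, then one priority-3 alert.
SAMPLE_LINES = [
    "Sep 21 12:23:02 sensor snort[10892]: [1:1243:1] WEB-IIS ISAPI .ida attempt "
    "[Classification: Web Application Attack] [Priority: 1]: {TCP} 10.0.0.5:1063 -> 10.0.0.9:80",
    "Sep 21 12:23:03 sensor snort[10892]: [1:1243:1] WEB-IIS ISAPI .ida attempt "
    "[Classification: Web Application Attack] [Priority: 1]: {TCP} 10.0.0.5:1064 -> 10.0.0.9:80",
    "Sep 21 12:23:05 sensor snort[10892]: [1:469:1] ICMP PING NMAP "
    "[Classification: Attempted Information Leak] [Priority: 3]: {ICMP} 10.0.0.7 -> 10.0.0.9",
]


def demo():
    """Run the watcher over the sample lines; only the first IIS alert is mailed."""
    mailer = AlertMailer("ids-alerts@example.com")
    mails = mailer.process(SAMPLE_LINES, datetime(2001, 9, 21, 12, 23, 5))
    for m in mails:
        print(m["Subject"])
    return mails


if __name__ == "__main__":
    demo()
```

Feeding the same lines again after the throttle window has passed produces a fresh mail for the signature, which is the behaviour the swatch `throttle` directive gives you; the priority threshold is the part swatch's plain `watchfor` regex does not do on its own.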


