Re: IIS and Snort

From: Johannes B. Ullrich
Date: 09/21/01

Date: Fri, 21 Sep 2001 12:23:02 -0400 (EDT)
From: "Johannes B. Ullrich" <>
To: Ian Macdonald <>
Subject: Re: IIS and Snort
Message-ID: <>


In addition to logging to the database, you can log to syslog and use a
program like 'swatch' to send email alerts.

On Thu, 20 Sep 2001, Ian Macdonald wrote:

> Does anyone have any suggestions for generating email alerts from a unix box
> running snort which sends data to a mysql database. I wanted to try acid
> which is why I decided to log to a database.
> Thanks for your suggestions
> Ian
> ----- Original Message -----
> From: "McCammon, Keith" <>
> To: "'Brian Carvalho'" <>;
> <>
> Cc: <>
> Sent: Wednesday, September 19, 2001 6:49 PM
> Subject: RE: IIS and Snort
> > ***Is there any way to send alerts with Snort?
> >
> > Snort generates an alert.ids file where alerts are written. However, you
> > can configure output plug-ins for SQL, syslog, etc. You can pretty much get
> > your alerts any way you want 'em with relatively little effort.
> >

- --
- ------- Join
                                     Distributed Intrusion Detection System

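A minimal swatch-style watcher for the syslog approach suggested in the reply above, added here as an illustration; it is not part of the original message and is not swatch itself. The log lines are constructed samples in Snort's syslog alert layout, and the addresses, the five-minute throttle, the priority cutoff and the year are assumptions.

```python
import re
from datetime import datetime, timedelta
from email.message import EmailMessage

# Layout: "<ts> <host> snort: [gid:sid:rev] msg [Classification: c] [Priority: n]: {PROTO} src -> dst"
ALERT_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ [\d:]{8}) (?P<host>\S+) snort(?:\[\d+\])?: "
    r"\[\d+:(?P<sid>\d+):\d+\] (?P<msg>.*?)"
    r"(?: \[Classification: [^\]]*\])?(?: \[Priority: (?P<prio>\d+)\])?:? "
    r"\{\w+\} (?P<src>\S+) -> (?P<dst>\S+)$")

# Constructed sample lines (documentation addresses), not captured traffic.
SAMPLE_LOG = """\
Sep 21 12:20:01 ids1 snort: [1:1002:2] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.10:3321 -> 198.51.100.5:80
Sep 21 12:20:03 ids1 sshd[411]: Accepted password for ian from 192.0.2.44 port 1022
Sep 21 12:20:40 ids1 snort: [1:1002:2] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.10:3325 -> 198.51.100.5:80
Sep 21 12:25:00 ids1 snort: [1:1000001:1] Constructed low-priority rule [Classification: Misc activity] [Priority: 3]: {TCP} 192.0.2.10:3330 -> 198.51.100.5:25
Sep 21 12:31:15 ids1 snort: [1:1002:2] WEB-IIS cmd.exe access [Classification: Web Application Attack] [Priority: 1]: {TCP} 192.0.2.10:3390 -> 198.51.100.5:80
Sep 21 12:31:20 ids1 snort: [1:469:1] ICMP PING NMAP [Classification: Attempted Information Leak] [Priority: 2]: {ICMP} 192.0.2.77 -> 198.51.100.5
"""

def alerts_to_mail(lines, rcpt, sender="snort@ids1.example",
                   window=timedelta(minutes=5), max_priority=2, year=2001):
    """Turn Snort syslog alerts into e-mail messages, throttled per (sid, source IP)."""
    last_sent, out = {}, []
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if not m:
            continue                      # other daemons' syslog lines
        prio = int(m["prio"] or 1)        # no priority tag: treat as highest
        if prio > max_priority:
            continue                      # 1 is most severe; skip low-priority noise
        # Syslog timestamps carry no year, so one is supplied (assumption).
        when = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        key = (m["sid"], m["src"].split(":")[0])   # IPv4 "ip:port" or bare ip
        if key in last_sent and when - last_sent[key] < window:
            continue                      # same rule, same source, still inside the window
        last_sent[key] = when
        mail = EmailMessage()
        mail["From"], mail["To"] = sender, rcpt
        mail["Subject"] = f"[snort] P{prio} sid {m['sid']}: {m['msg']}"
        mail.set_content(line.strip() + "\n")
        out.append(mail)
    return out

if __name__ == "__main__":
    for mail in alerts_to_mail(SAMPLE_LOG.splitlines(), "admin@example.org"):
        print(mail["Subject"])
        # To deliver: smtplib.SMTP("localhost").send_message(mail)
```

Without the throttle, one noisy source tripping the same rule produces one e-mail per packet, which is why the repeated alert at 12:20:40 is suppressed and the one at 12:31:15 is sent.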

