RE: Snort & email
From: Omar Herrera (oherrera_at_prodigy.net.mx)
Date: 05/07/05
- Previous message: Frank Knobbe: "Re: Snort & email"
- Maybe in reply to: Dan S Baxter: "Snort & email"
- Next in thread: Joel Esler: "Re: Snort & email"
Date: Sat, 07 May 2005 09:08:32 -0500
To: focus-ids@securityfocus.com
Hi Dan,
You can make snort log to both syslog and a MySQL database. Syslog alerts
can be emailed and they will be wiped out eventually, when logs are rotated,
so no overhead there.
I'm not sure how much this affects performance, but have tested it this way
and have not noticed a significant degradation.
Regards,
Omar Herrera
> -----Original Message-----
> From: Dan S Baxter [mailto:Dan.Baxter@ipaper.com]
>
> I'm setting up a Snort sensor in our environment and I am unable to
> determine how I might get emailed on alerts. I understand some are using
> Swatch, but we are not logging to syslogs but rather to a mysql db. What
> are others doing in this case?
>
> If I can't get it to alert me, it doesn't do me as much good, as I do not
> have the time to watch it 24/7.
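
Added example, not part of the original thread: one way to turn the syslog copy of Snort's alerts into a single email digest instead of one mail per alert. It assumes the line layout Snort's alert_syslog output writes; the sample lines, the recipient address and the function names are constructed for illustration.

```python
import re
from email.message import EmailMessage

# Constructed sample syslog lines (three Snort alerts, one unrelated sshd line).
SAMPLE_LOG = """\
May  7 09:01:12 sensor1 snort[2211]: [1:1000001:1] Constructed test alert A [Classification: Misc Attack] [Priority: 2]: {TCP} 192.0.2.10:4431 -> 198.51.100.5:80
May  7 09:01:13 sensor1 snort[2211]: [1:1000001:1] Constructed test alert A [Classification: Misc Attack] [Priority: 2]: {TCP} 192.0.2.10:4432 -> 198.51.100.5:80
May  7 09:02:40 sensor1 snort[2211]: [1:1000002:3] Constructed test alert B [Classification: Misc activity] [Priority: 3]: {ICMP} 192.0.2.77 -> 198.51.100.5
May  7 09:03:00 sensor1 sshd[900]: Accepted publickey for admin from 192.0.2.1
"""

ALERT_RE = re.compile(
    r"snort(?:\[\d+\])?: \[(?P<sid>\d+:\d+:\d+)\] (?P<msg>.*?)"
    r"(?: \[Classification: (?P<cls>[^\]]*)\])?"
    r" \[Priority: (?P<prio>\d+)\]:? (?:\{(?P<proto>\w+)\} )?"
    r"(?P<src>\S+) -> (?P<dst>\S+)"
)

def parse_alerts(text):
    """Yield one dict per Snort alert line; other syslog lines are skipped."""
    for line in text.splitlines():
        m = ALERT_RE.search(line)
        if m:
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            yield alert

def build_digest(text, max_priority=2, rcpt="ids-alerts@example.com"):
    """Group alerts with priority <= max_priority (1 is most severe) by
    signature and return one EmailMessage, or None if nothing qualifies."""
    groups = {}
    for a in parse_alerts(text):
        if a["prio"] <= max_priority:
            groups.setdefault((a["sid"], a["msg"], a["prio"]), []).append(a)
    if not groups:
        return None
    body = []
    for (sid, msg, prio), hits in groups.items():
        body.append(f"[{sid}] prio={prio} count={len(hits)} {msg}")
        body.extend(f"    {h['src']} -> {h['dst']}" for h in hits[:5])
    total = sum(len(hits) for hits in groups.values())
    mail = EmailMessage()
    mail["To"] = rcpt
    mail["Subject"] = f"Snort: {total} alert(s), {len(groups)} signature(s)"
    mail.set_content("\n".join(body))
    return mail  # hand to smtplib.SMTP(...).send_message(mail) to deliver

if __name__ == "__main__":
    print(build_digest(SAMPLE_LOG))
```

Run from cron against the lines written since the previous run, this keeps a noisy signature from flooding the mailbox while the MySQL database retains every event.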