Re: Snort & email
ctooker_at_ti.parmapatas.net
Date: 05/16/05
Date: Mon, 16 May 2005 17:47:45 +0200
To: focus-ids@securityfocus.com
Dan,
Have you considered running Swatch on the MySQL server?
It could find the Snort alerts embedded in the SQL INSERT queries. They
are logged by default in the /var/log/mysql/ dir.
Cheers,
Chris
ctooker@ti.parmapatas.net
> I'm setting up a Snort sensor in our environment and I am unable to
> determine how I might get emailed on alerts. I understand some are using
> Swatch, but we are not logging to syslogs but rather to a mysql db. What
> are others doing in this case?
>
> If I can't get it to alert me, it doesn't do me as much good, as I do not
> have the time to watch it 24/7.
>
> Dan Baxter
> International Paper
> Information Risk Management
> 901-419-5193
>
>
>
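
The log-watching approach suggested in this reply, sketched as an added example that is not part of the original message: a small Python stand-in for Swatch that picks Snort event INSERTs out of MySQL query-log lines and batches them into one mail. The INSERT statement shape, the log line format, the sample lines and the addresses are assumptions constructed for illustration; only numeric fields and the timestamp are copied into the mail, so nothing free-form from the log reaches the message.

```python
import re
from email.message import EmailMessage

# Assumed shape of the INSERT that Snort's database output writes to the
# `event` table; adjust the pattern to what your query log actually contains.
EVENT_RE = re.compile(
    r"INSERT INTO event\s*\(sid,\s*cid,\s*signature,\s*timestamp\)\s*"
    r"VALUES\s*\('(\d+)',\s*'(\d+)',\s*'(\d+)',\s*'([\d: -]+)'\)",
    re.IGNORECASE,
)

# Constructed sample of a MySQL query log (not real data).
SAMPLE_LOG = """\
050516 17:40:01\t     12 Query\tINSERT INTO event (sid,cid,signature,timestamp) VALUES ('1', '4711', '23', '2005-05-16 17:40:01')
\t\t     12 Query\tINSERT INTO iphdr (sid, cid, ip_src, ip_dst) VALUES ('1', '4711', '3232235777', '3232235786')
050516 17:40:02\t     12 Query\tINSERT INTO event (sid,cid,signature,timestamp) VALUES ('1', '4712', '23', '2005-05-16 17:40:02')
\t\t     14 Query\tSELECT sig_name FROM signature WHERE sig_id = '23'
050516 17:41:10\t     12 Query\tINSERT INTO event (sid,cid,signature,timestamp) VALUES ('1', '4713', '8', '2005-05-16 17:41:10')
"""

def parse_alerts(lines):
    """Return one dict per Snort event INSERT; only digits and the timestamp are kept."""
    alerts = []
    for line in lines:
        m = EVENT_RE.search(line)
        if m:
            sensor, cid, sig, ts = m.groups()
            alerts.append({"sensor": int(sensor), "cid": int(cid),
                           "signature": int(sig), "time": ts})
    return alerts

def build_digest(alerts, sender, recipient):
    """Batch alerts into one mail so a burst of events does not flood the inbox."""
    if not alerts:
        return None
    counts = {}
    for a in alerts:
        counts[a["signature"]] = counts.get(a["signature"], 0) + 1
    msg = EmailMessage()
    msg["From"], msg["To"] = sender, recipient
    msg["Subject"] = f"Snort: {len(alerts)} new event(s), {len(counts)} signature id(s)"
    body = [f"signature id {s}: {n} event(s)" for s, n in sorted(counts.items())]
    body += [f"{a['time']} sensor={a['sensor']} cid={a['cid']} signature={a['signature']}" for a in alerts]
    msg.set_content("\n".join(body))
    return msg

if __name__ == "__main__":
    # Prints the digest; hand it to smtplib.SMTP(...).send_message(msg) to deliver.
    print(build_digest(parse_alerts(SAMPLE_LOG.splitlines()), "snort@example.com", "admin@example.com"))
```

The `signature` value in the event row is the database's internal signature id, so resolving it to a rule name needs a lookup in the Snort database.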