
Re: snort and auto-alert?



Patrick Hsieh, 2002-Jul-14 10:03 +0800:
> Hello list,
> 
> I've installed snort on woody and it runs normally.
> Is there any way to make snort work with some alert system so that
> when a portscan or other attack behavior occurs, it calls the alert
> system to page the system admin. or send email to system admin?
> I need real time alert. It seems there's only cron analysis solution?

I run logcheck to monitor all my log files, including snort's.  It
sends me emails with reports on "suspect" activity.  I use the default
config which runs every hour, but I'm sure you can set up logcheck in
more of a realtime mode, I just haven't tried yet.

> Another question. Can snort define a certain abnormal http access
> behavior pattern, say, one single IP accessing a single URL multiple times
> in EVERY second? If not, is there any open source software that can achieve
> that?

I don't know about this one.  Sounds interesting though.

jc

--
Jeff Coppock		Systems Engineer
Diggin' Debian		Admin and User
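
The pattern asked about above (one IP requesting one URL several times in every second) can also be detected from the web server's access log. The following is an added example, not part of the original message and not snort or logcheck code; it assumes Apache common log format, and the thresholds, function names and sample lines are constructed for illustration.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed input: NCSA/Apache common log format
#   host ident user [time] "METHOD url proto" status size
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(?:\S+) (\S+)[^"]*" \d{3} \S+')

def find_repeat_hitters(lines, min_hits=3, min_seconds=3):
    """Return {(ip, url): longest_run} for clients that requested the same URL
    at least min_hits times per second for min_seconds consecutive seconds."""
    per_second = defaultdict(Counter)      # (ip, url) -> {epoch second: hits}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                       # skip lines that do not parse
        ip, stamp, url = m.groups()
        ts = datetime.strptime(stamp, "%d/%b/%Y:%H:%M:%S %z")
        per_second[(ip, url)][int(ts.timestamp())] += 1

    flagged = {}
    for key, counts in per_second.items():
        # seconds in which this client/URL pair reached the per-second threshold
        busy = sorted(s for s, n in counts.items() if n >= min_hits)
        best = run = 0
        prev = None
        for s in busy:
            run = run + 1 if prev is not None and s == prev + 1 else 1
            best = max(best, run)
            prev = s
        if best >= min_seconds:            # sustained, not a single burst
            flagged[key] = best
    return flagged

def sample_log():
    """Constructed sample lines (documentation-range addresses), not real traffic."""
    fmt = '{ip} - - [14/Jul/2002:10:03:{s:02d} +0800] "GET {url} HTTP/1.0" 200 512'
    lines = []
    for s in range(10, 15):                # 5 consecutive seconds, 4 hits each
        lines += [fmt.format(ip="192.0.2.10", s=s, url="/login.php")] * 4
    lines += [fmt.format(ip="198.51.100.7", s=20, url="/index.html")] * 5  # one burst
    for s in range(10, 15):                # steady but slow: 1 hit per second
        lines.append(fmt.format(ip="203.0.113.5", s=s, url="/login.php"))
    return lines

if __name__ == "__main__":
    for (ip, url), secs in find_repeat_hitters(sample_log()).items():
        print(f"ALERT {ip} hit {url} repeatedly for {secs} consecutive seconds")
```

Requiring a run of consecutive busy seconds is what separates the sustained pattern from a single page load that pulls one URL a few times at once.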

