Want to use Nagios to inform admins about Snort alerts!

Demetri Mouratis dmourati at cm.math.uiuc.edu
Tue Jun 15 16:55:23 CEST 2004

Previous message: Want to use Nagios to inform admins about Snort alerts!
Next message: Scheduling Daily Downtime?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

On Tue, 15 Jun 2004, Gordon Meiser wrote:

> "Is there any possibility to inform nagios, if the ids snort is
> detecting an intrusion and generating an alert?"
>

One way would be to configure snort to log to syslog (or syslog-ng if
you're so inclined.)  From there, you could run check_log against the
snort syslog and pattern match for nefariousness.

I'd spend a considerable effort to tune snort prior to attempting the
above.

Good luck.
---------------------------------------------------------------------
Demetri Mouratis
dmourati at linfactory.com



-------------------------------------------------------
This SF.Net email is sponsored by The 2004 JavaOne(SM) Conference
Learn from the experts at JavaOne(SM), Sun's Worldwide Java Developer
Conference, June 28 - July 1 at the Moscone Center in San Francisco, CA
REGISTER AND SAVE! http://java.sun.com/javaone/sf Priority Code NWMGYKND
_______________________________________________
Nagios-users mailing list
Nagios-users at lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/nagios-users
::: Please include Nagios version, plugin version (-v) and OS when reporting any issue. 
::: Messages without supporting info will risk being sent to /dev/null

Previous message: Want to use Nagios to inform admins about Snort alerts!
Next message: Scheduling Daily Downtime?
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

More information about the Users mailing list