Linux Today: Linux News On Internet Time.


Monitoring and Dealing With Snort Alerts

Oct 10, 2011, 10:01
(Other stories by Juliet Kemp)

[ Thanks to Lee Schlesinger for this link. ]

"Snort itself doesn't actually do anything with its alerts, so it's important to make sure you have something in place to check for them. You do have a choice of output modules, but (with one exception, alert_unixsock, which I'll talk more about later) these only output to a file or a database. To monitor your chosen output format, you have several third-party options, with Snort Alert Monitor being one of the more popular ones, as it allows you to configure email alerts among other output types. If you have additional specific requirements, SAM exposes its API and is (at least according to its author!) simple to extend."
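The excerpt says Snort only writes alerts to a file or database and leaves the watching to you. As an added example (not code from the article, from Snort, or from Snort Alert Monitor), the Python below does the minimal version of that job for the alert_fast output module: it parses the one-line fast alert format as Snort 2.x writes it, keeps the alerts that carry a high priority, and counts alerts per source address so a burst from one host stands out. The alert lines embedded in it are constructed for this example, the priority and burst thresholds are arbitrary assumptions, and IPv6 addresses are not handled.

```python
"""Minimal monitor for Snort alert_fast output (added example, not Snort's code).

Snort 2.x alert_fast lines look like (constructed sample):
  10/10-10:01:23.123456  [**] [1:1000001:1] Msg [**] [Classification: X] [Priority: 1] {TCP} 1.2.3.4:1234 -> 5.6.7.8:22
The Classification field is absent for rules without a classtype, and the
":port" suffix is absent for protocols without ports (e.g. ICMP).
"""
import re
import time
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, Iterator, List, Optional, Tuple

FAST_ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s*)?"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+?)(?::(?P<sport>\d+))?\s+->\s+(?P<dst>\S+?)(?::(?P<dport>\d+))?$"
)


@dataclass(frozen=True)
class Alert:
    timestamp: str
    gid: int
    sid: int
    rev: int
    msg: str
    classification: Optional[str]
    priority: Optional[int]
    proto: str
    src: str
    sport: Optional[int]
    dst: str
    dport: Optional[int]


def parse_fast_alert(line: str) -> Optional[Alert]:
    """Parse one alert_fast line; return None for lines that are not alerts."""
    m = FAST_ALERT_RE.match(line.strip())
    if not m:
        return None
    g = m.groupdict()
    return Alert(
        timestamp=g["ts"], gid=int(g["gid"]), sid=int(g["sid"]), rev=int(g["rev"]),
        msg=g["msg"], classification=g["cls"],
        priority=int(g["prio"]) if g["prio"] else None,
        proto=g["proto"], src=g["src"],
        sport=int(g["sport"]) if g["sport"] else None,
        dst=g["dst"], dport=int(g["dport"]) if g["dport"] else None,
    )


def parse_alerts(lines: Iterable[str]) -> Iterator[Alert]:
    """Yield parsed alerts, silently skipping unparseable lines."""
    for line in lines:
        alert = parse_fast_alert(line)
        if alert is not None:
            yield alert


def needs_attention(alerts: List[Alert], max_priority: int = 1,
                    burst_threshold: int = 3) -> Tuple[List[Alert], Dict[str, int]]:
    """Return (urgent alerts, noisy sources).

    Snort priorities count down: 1 is the most severe. Thresholds are assumed.
    """
    urgent = [a for a in alerts if a.priority is not None and a.priority <= max_priority]
    per_src = Counter(a.src for a in alerts)
    noisy = {src: n for src, n in per_src.items() if n >= burst_threshold}
    return urgent, noisy


def follow(path: str, poll_seconds: float = 1.0) -> Iterator[str]:
    """tail -f style generator over a live alert file (never returns)."""
    with open(path, "r", encoding="utf-8", errors="replace") as fh:
        fh.seek(0, 2)  # start at end: only new alerts
        while True:
            line = fh.readline()
            if line:
                yield line
            else:
                time.sleep(poll_seconds)


# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_ALERTS = [
    "10/10-10:01:23.123456  [**] [1:1000001:1] Constructed: SSH brute force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.7:51234 -> 192.0.2.10:22",
    "10/10-10:01:24.000001  [**] [1:1000002:1] Constructed: ICMP sweep [**] [Classification: Attempted Information Leak] [Priority: 2] {ICMP} 203.0.113.7 -> 192.0.2.10",
    "10/10-10:01:25.500000  [**] [1:1000003:2] Constructed: HTTP directory traversal [**] [Classification: Web Application Attack] [Priority: 1] {TCP} 198.51.100.5:40000 -> 192.0.2.20:80",
    "10/10-10:01:26.000000  [**] [1:1000004:1] Constructed: rule without classtype [**] [Priority: 3] {UDP} 203.0.113.7:53000 -> 192.0.2.10:53",
    "not an alert line at all",
]

if __name__ == "__main__":
    parsed = list(parse_alerts(SAMPLE_ALERTS))
    urgent, noisy = needs_attention(parsed)
    for a in urgent:
        print(f"URGENT sid={a.sid} {a.src} -> {a.dst} {a.msg}")
    for src, n in noisy.items():
        print(f"BURST {src}: {n} alerts")
    # For a live file: for a in parse_alerts(follow("/var/log/snort/alert")): ...
```

Pointing `follow()` at the real alert file (the path is whatever your snort.conf output line names) turns this into a long-running watcher; what happens next, mail, a ticket, a firewall rule, is the part Snort leaves to you and the part tools such as SAM wrap in configuration.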

