Does anyone know of a good solution to have Snort syslog alerts Emailed to an address? I'm trying to use Logdog with OpenBSD, and doesn't seem to be the best solution.

heres a good article i found discussing swatch and syslog-ng.

http://www.linuxsecurity.com/content/view/117377/49/

Nice Junkie. :icon_smil

I'll let you know how it goes in about an hour or so.

Hey Strog, it mentions how to do it with SMS like you were wanting. :biggrin:

Ok. I'm having issues now. It's logging correctly, and swatch is running. For some reason Swatch isn't sending anything, and I don't have any idea where to check to see if there are errors.

here's my swatchrc:

watchfor /Priority \:1/
mail address=user@isp.com,subject=--- Snort Alert! ---
throttle 00:00:10

watchfor=/spp_stream4/
mail address=user@isp.com,subject=--- Snort Alert! ---
throttle 00:00:10

I have sendmail setup, and can send mail with 'mail user@isp.com'

Any ideas?

Well, back to the differences in version. The syntax that it wanted for startup was different from recent/previous versions. A quick reading of the man page for my version cleared it all up.