Date: Tue, 18 Dec 2001 20:44:31 -0600
From: "Anthony Kim" <niceshorts@yahoo.com>
To: Dan Nelson <dnelson@allantgroup.com>
Cc: Ceri <setantae@submonkey.net>, krzysztof <cs052279@yahoo.com>, freebsd-questions@FreeBSD.ORG
Subject: Re: Sending email with syslogd
Message-ID: <20011219024431.GB7061@boethius.telocity.com>
In-Reply-To: <20011218195932.GC57822@dan.emsphone.com>
References: <20011218192032.43522.qmail@web14808.mail.yahoo.com> <20011218193110.GA57342@rhadamanth> <20011218195932.GC57822@dan.emsphone.com>

On Tue, Dec 18, 2001, Dan Nelson wrote:
> In the last episode (Dec 18), Ceri said:
> > On Tue, Dec 18, 2001 at 11:20:32AM -0800, krzysztof wrote:
> > > I've recently configured snort to log to syslog but it does
> > > not have an option in the snort.conf file to have it mail any
> > > detections to an account. How would one configure anything snort
> > > logs to syslog at local*.* to send mail? Is this something syslog
> > > can do?
> >
> > In syslog.conf :
> >
> > local*.* |/bin/mail -s "log message from host.example.net" me@example.com
>
> .. and keep in mind that syslog will launch that command /once/, and
> spool data into it until the pipe closes. You probably want to do
> something like (untested):
>
> local1.* | read -r line ; ( echo $line | /bin/mail -s "log message" user@host.com ) &
>
> See the syslog.conf manpage for details.

IMO, this isn't the right approach to the original problem.
Install logwatch and have it monitor the snort alert.ids log.

-- 
"Le motd juste."
# vim:tw=65 ai et ts=4 sw=4
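
The behaviour Dan Nelson describes above (syslogd starts the piped command once and keeps writing to it) as an added example, not part of the original message or of FreeBSD: a pipe target that mails the first message at once and coalesces a burst of followers into one mail. The script name `syslog-mailer`, its install path, the `RCPT`/`INTERVAL`/`MAILER` variables and the 60-second default are assumptions.

```shell
#!/bin/sh
# Added example: pipe target for a syslog.conf line such as
#   local1.*    |/usr/local/sbin/syslog-mailer      (path is an assumption)
# syslogd starts this once and keeps the pipe open, so the loop must send
# mail itself instead of waiting for end of input.

RCPT="${RCPT:-user@host.com}"     # recipient, as in the thread
INTERVAL="${INTERVAL:-60}"        # min seconds between mails (assumed default)
MAILER="${MAILER:-/bin/mail}"     # mailer path as used in the thread

send_batch() {
    # $1 = batch text. Log text is attacker-influenced, so it only ever
    # reaches the mailer on stdin, never in the subject or argv.
    [ -n "$1" ] || return 0
    printf '%s' "$1" | "$MAILER" -s "log message" "$RCPT"
}

mail_loop() {
    batch="" last=0
    while IFS= read -r line; do
        # Drop control characters (terminal escapes etc.), keep tabs
        clean=$(printf '%s' "$line" | tr -d '\000-\010\013-\037\177')
        batch="${batch}${clean}
"
        now=$(date +%s)           # %s is non-POSIX but present on BSD and GNU
        if [ $((now - last)) -ge "$INTERVAL" ]; then
            send_batch "$batch"; batch=""; last=$now
        fi
    done
    send_batch "$batch"           # flush what is left when the pipe closes
}

# Run the loop only when executed under the assumed script name
case "${0##*/}" in syslog-mailer) mail_loop ;; esac
```

Lines held back during a burst go out with the next message that arrives after `INTERVAL` has elapsed, or when syslogd closes the pipe.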