Chapter 4 Plugins, Preprocessors and Output Modules
NOTE: In addition to the above line, you also need to configure the MySQL database
and create the tables Snort logs into. That process is the subject of the next chapter.
Another example of using output modules is as follows. This line in the
snort.conf file causes alerts to be sent as SMB pop-up windows to the list of
hosts contained in the workstation.list file.
output alert_smb: workstation.list
Sometimes you want to send alerts to multiple locations. In that case, defining your
own action with the ruletype keyword is the cleanest approach. For example, the
following lines in the snort.conf file define an action type called smb_db_alert.
Rules that use this action type have their alerts sent both to the database and to
SMB pop-up windows.
ruletype smb_db_alert
{
type alert
output alert_smb: workstation.list
output database: log, mysql, user=rr password=rr \
dbname=snort host=localhost
}
The following rule uses this new action type. Alerts generated by this rule go
to the MySQL database as well as to the Windows machines in the form of pop-up windows.
Note that the database password sits in clear text inside snort.conf, so the file
should be readable only by the account Snort runs as.
smb_db_alert icmp any any -> 192.168.1.0/24 any \
(fragbits: D; msg: "Dont Fragment bit set";)
You can also select some output modules from the command line. For example,
the -s option makes Snort log alerts to syslog.
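To make the routing rules above concrete, here is an added example (not code from the book or from the Snort project) that reads a snort.conf fragment, collects the top-level output lines and any ruletype blocks, and reports where each rule's alerts end up. It also flags output lines that carry a password in the clear. The configuration text and the two rules embedded below are constructed for this example; the routing logic assumes Snort's convention that a built-in alert action feeds alert_* and log_* modules, a log action feeds log_* modules, and a custom ruletype feeds only the output modules declared inside its block.

```python
"""Resolve Snort rule actions to their output modules (added example, not Snort code)."""
import re

# Constructed snort.conf fragment: one global output line plus the ruletype from the text.
SNORT_CONF = """\
output alert_syslog: LOG_AUTH LOG_ALERT
ruletype smb_db_alert
{
    type alert
    output alert_smb: workstation.list
    output database: log, mysql, user=rr password=rr \\
        dbname=snort host=localhost
}
"""

# Constructed rules: one using the custom action, one using the built-in alert action.
RULES = [
    'smb_db_alert icmp any any -> 192.168.1.0/24 any (fragbits: D; msg: "Dont Fragment bit set";)',
    'alert tcp any any -> 192.168.1.0/24 22 (msg: "SSH probe";)',
]

# Streams each built-in action feeds (assumption about Snort semantics, see lead-in).
BUILTIN_STREAMS = {"alert": {"alert", "log"}, "log": {"log"}, "pass": set()}


def join_continuations(text):
    """Join lines ending in a backslash, as Snort's config reader does."""
    return re.sub(r"\\\n\s*", " ", text)


def parse_conf(text):
    """Return (global_outputs, ruletypes).

    global_outputs: list of (module, args) from top-level output lines.
    ruletypes: name -> {"type": base action, "outputs": [(module, args), ...]}
    """
    global_outputs, ruletypes, current = [], {}, None
    for raw in join_continuations(text).splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"ruletype\s+(\w+)", line)
        if m:
            current = m.group(1)
            ruletypes[current] = {"type": None, "outputs": []}
            continue
        if line == "{":
            continue
        if line == "}":
            current = None
            continue
        m = re.match(r"type\s+(\w+)", line)
        if m and current:
            ruletypes[current]["type"] = m.group(1)
            continue
        m = re.match(r"output\s+(\w+):\s*(.*)", line)
        if m:
            entry = (m.group(1), m.group(2).strip())
            (ruletypes[current]["outputs"] if current else global_outputs).append(entry)
    return global_outputs, ruletypes


def stream_of(module, args):
    """alert_* modules serve the alert stream, log_* the log stream; database names its stream first."""
    if module == "database":
        return args.split(",")[0].strip()
    return module.split("_", 1)[0]


def destinations(rule, global_outputs, ruletypes):
    """List the output modules that receive events generated by `rule`."""
    action = rule.split(None, 1)[0]
    if action in ruletypes:  # custom ruletype: only its own output lines apply
        return [mod for mod, _ in ruletypes[action]["outputs"]]
    if action in BUILTIN_STREAMS:  # built-in action: global output lines of matching stream
        wanted = BUILTIN_STREAMS[action]
        return [mod for mod, args in global_outputs if stream_of(mod, args) in wanted]
    raise ValueError(f"unknown action {action!r}")


def plaintext_credentials(global_outputs, ruletypes):
    """Return modules whose arguments carry a password in the clear."""
    all_outputs = list(global_outputs)
    for rt in ruletypes.values():
        all_outputs.extend(rt["outputs"])
    return [mod for mod, args in all_outputs if re.search(r"\bpassword=", args)]


if __name__ == "__main__":
    gout, rts = parse_conf(SNORT_CONF)
    for rule in RULES:
        print(rule.split(None, 1)[0], "->", destinations(rule, gout, rts))
    print("clear-text credentials in:", plaintext_credentials(gout, rts))
```

Run against a real snort.conf by replacing SNORT_CONF with the file's contents; the credential check is a quick audit to pair with restrictive file permissions on the configuration.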
4.2.1 The alert_syslog Output Module
Syslog is the system logging facility available on almost all UNIX systems; the syslogd
daemon reads the configuration file /etc/syslog.conf, where you define what happens
when a message for a given facility and priority is received. A detailed discussion of
syslog is beyond the scope of this book; refer to the manual pages of syslogd and
syslog.conf.
The alert_syslog module sends alerts to the syslog facility. The syslog daemon can
in turn forward those alerts to another host if you need centralized logging. The
following is the general format for using this module.
output alert_syslog: