This is a discussion on RE: [Snort-users] Snort IDS OUTPUT TO PRINTER within the Snort forums, part of the System Security and Security Related category.
Paper...paper....I remember people talking about that.

I can't imagine why you'd want to do this but sure, that would work. I'm not 100% sure how to make it work but here are two ideas. You definitely achieve both of these goals.

For the alert bell - I'd probably have swatch monitor the alert file and "bell" whenever it saw the start of a new "alert paragraph".

For the printout - do something like "tail -f /var/log/snort/alert > /dev/prn". The tail program is designed to read the last few lines of a file. Using the -f parameter causes it to keep reading as the file is appended to. The ">" is to redirect the data to the printer device.

-----Original Message-----
From: snort-users-admin@lists.sourceforge.net [mailto:snort-users-admin@lists.sourceforge.net] On Behalf Of Aaron Russ
Sent: Friday, June 11, 2004 12:26 AM
To: snort-users@lists.sourceforge.net
Subject: [Snort-users] Snort IDS OUTPUT TO PRINTER

Is it possible to not only view the alerts from IDS mode on screen and log to a file but also send it to a dot matrix printer as the alerts come in?

This way you have a hard copy you can easily review or take with you.

Another question is can you make snort beep when there is an IDS alert?
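The two ideas in the reply above, combined into one POSIX shell function as an added example that is not part of the original message: it copies each alert line to an output device and writes a BEL character whenever a line carries Snort's `[**]` alert-header marker, which appears once per alert in both the full "paragraph" layout and the one-line fast layout. The function name, the constructed sample alerts, and the default paths `/dev/lp0` and `/dev/tty` are assumptions; substitute the printer device your system uses.

```shell
#!/bin/sh
# Added example, not from the original thread.

# Constructed sample: two alerts in the alert file's multi-line paragraph layout.
sample_alerts() {
    cat <<'EOF'
[**] [1:1000001:1] CONSTRUCTED test rule A [**]
[Classification: Misc activity] [Priority: 3]
06/11-00:26:01.000001 192.0.2.10:40000 -> 192.0.2.20:80
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:60

[**] [1:1000002:1] CONSTRUCTED test rule B [**]
[Classification: Misc activity] [Priority: 3]
06/11-00:26:02.000002 192.0.2.11:40001 -> 192.0.2.20:22
TCP TTL:64 TOS:0x0 ID:2 IpLen:20 DgmLen:60

EOF
}

# alert_relay OUT [BELL]
#   Copies alert text from stdin to OUT (printer device or file) line by line,
#   writes one BEL byte to BELL for every alert header seen, and prints the
#   number of alerts once stdin reaches end of file.
alert_relay() (
    out=$1
    bell=${2:-/dev/tty}          # assumption: the operator's terminal beeps on BEL
    count=0
    while IFS= read -r line; do
        case $line in
            *'[**]'*)            # header marker: start of a new alert
                count=$((count + 1))
                printf '\a' >&4
                ;;
        esac
        printf '%s\n' "$line" >&3
    done 3>>"$out" 4>>"$bell"    # open both destinations once, append only
    echo "$count"
)

# Live use: start at the end of the file so old alerts are not reprinted, and
# keep following by name (-F) so log rotation does not silence the relay.
if [ "${1:-}" = "--follow" ]; then
    tail -n 0 -F "${ALERT_FILE:-/var/log/snort/alert}" |
        alert_relay "${PRINTER:-/dev/lp0}"
fi
```

Run with `--follow` to attach it to the live alert file; without arguments the script only defines the functions.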