Snort has many logging options: syslog, unixsock, tcpdump (pcap), CSV, XML, unified and my favourite, database. All of these are great if you are going to look through your logs regularly. But if you're busy doing other things, or maintaining Snort isn't your main priority, how are you expected to keep up to date with the logs?
I find that having Snort email me a short report every morning is a much better way of making sure no one is attacking my systems. It only takes a minute to read through, and if something looks worth following up I can log into the database and pull as much detail on the event as I need. So how do you set up email reports? If you installed Snort on a Debian-based system, the daily report is already installed, just not set up correctly:
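To show what such a morning report can look like, here is an added example that is not part of the original post and not the Debian package's own report script. It parses Snort's "alert_fast" output format into a short plain-text digest (totals by priority, top signatures, top source addresses, and the priority-1 events to look up in the database). The log lines, rule IDs (in the local-rule SID range), hosts and addresses in it are constructed sample data, and it handles IPv4 alerts only.

```python
"""Daily Snort alert digest for an e-mail report.

Added example, not from the original post or from Snort/Debian.  Reads a
Snort alert_fast log, summarises it, and prints a plain-text report that can
be piped into `mail` from cron.  SAMPLE_ALERT_LOG is constructed test data;
SIDs 1000001-1000003 are placeholders in the local-rule range.  IPv4 only.
"""
import re
import sys
from collections import Counter

# alert_fast line shape (one alert per line), year in the timestamp optional:
#   MM/DD[/YY]-HH:MM:SS.ffffff  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: N] {PROTO} SRC[:PORT] -> DST[:PORT]
ALERT_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}(?:/\d{2,4})?-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s+(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s+(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[0-9.]+?)(?::(?P<sport>\d+))?\s+->\s+"
    r"(?P<dst>[0-9.]+?)(?::(?P<dport>\d+))?$"
)

# Constructed sample log (documentation address ranges, placeholder SIDs).
SAMPLE_ALERT_LOG = """\
03/15-02:14:07.123456  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.5:49211 -> 192.0.2.10:22
03/15-02:14:08.223456  [**] [1:1000001:1] LOCAL SSH brute-force attempt [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 1] {TCP} 203.0.113.5:49212 -> 192.0.2.10:22
03/15-03:40:51.000001  [**] [1:1000002:2] LOCAL web scanner user-agent [**] [Classification: Web Application Attack] [Priority: 2] {TCP} 198.51.100.77:51022 -> 192.0.2.10:80
03/15-05:02:13.555555  [**] [1:1000003:1] LOCAL ICMP ping sweep [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.77 -> 192.0.2.10
this line is not an alert and must be ignored
"""


def parse_alerts(lines):
    """Yield one dict per well-formed alert line; silently skip anything else."""
    for line in lines:
        m = ALERT_RE.match(line.strip())
        if m:
            alert = m.groupdict()
            alert["prio"] = int(alert["prio"])
            yield alert


def summarise(alerts, top_n=5):
    """Aggregate parsed alerts into the numbers a one-minute read needs."""
    alerts = list(alerts)
    by_sig = Counter((a["gid"], a["sid"], a["msg"]) for a in alerts)
    by_src = Counter(a["src"] for a in alerts)
    by_prio = Counter(a["prio"] for a in alerts)
    return {
        "total": len(alerts),
        "by_priority": dict(by_prio),
        "top_signatures": by_sig.most_common(top_n),
        "top_sources": by_src.most_common(top_n),
        # Priority 1 is Snort's most severe; these are the ones to pull from the DB.
        "high_priority": [a for a in alerts if a["prio"] == 1],
    }


def _endpoint(ip, port):
    return f"{ip}:{port}" if port else ip  # ICMP alerts carry no port


def render_report(summary):
    """Plain-text report suitable for piping straight into `mail`."""
    out = [f"Snort daily digest: {summary['total']} alerts"]
    out.append("  ".join(f"Priority {p}: {n}" for p, n in sorted(summary["by_priority"].items())))
    out += ["", "Top signatures:"]
    for (gid, sid, msg), n in summary["top_signatures"]:
        out.append(f"  {n:4d}  [{gid}:{sid}] {msg}")
    out += ["", "Top source addresses:"]
    for src, n in summary["top_sources"]:
        out.append(f"  {n:4d}  {src}")
    out += ["", "Priority-1 alerts (pull the full event from the database):"]
    for a in summary["high_priority"]:
        out.append(f"  {a['ts']} {_endpoint(a['src'], a['sport'])} -> "
                   f"{_endpoint(a['dst'], a['dport'])} [{a['gid']}:{a['sid']}] {a['msg']}")
    if not summary["high_priority"]:
        out.append("  none")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Usage: python3 snort_digest.py [/path/to/alert]; with no argument the sample log is used.
    if len(sys.argv) > 1:
        with open(sys.argv[1]) as fh:
            lines = fh.readlines()
    else:
        lines = SAMPLE_ALERT_LOG.splitlines()
    print(render_report(summarise(parse_alerts(lines))), end="")
```

To get the morning mail the post describes, run it from cron against the alert file and pipe the output into `mail`, for example `0 7 * * * python3 /usr/local/bin/snort_digest.py /var/log/snort/alert | mail -s "Snort digest" you@example.com` (the script path, alert file location and address are assumptions for illustration). Lines that do not match the alert_fast shape are skipped rather than crashing the report, so a partially written last line at cron time does not cost you the whole digest.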