Hi
oehm, did not find that -F Parameter in man sendmail ;-((
Oh, it's there. man sendmail: -F full_name Set the sender full name. This is used only with messages that have no From: message header.
$1 is the line with the Error-Message, right?
right.
If yes, then try the following:
"echo $1 | mail -s Security_Alert ALERT@domain.com"
skipping...
if this works, try:
"echo $1 | mail -s \"Security_Alert: $1\" ALERT@domain.com"
hey, no bad idea. effect is that the alert is displayed in the subject textfield, not in the body. the echo $1 didn't work. Logsurfer printed the matching logs to shell. Thanks a lot. Philipp
-----Original Message----- From: mailinglists [mailto:mailinglists@belfin.ch] Sent: Tuesday, June 03, 2003 7:24 AM To: Dirk Schreiner; suse-security@suse.com Subject: AW: [suse-security] snort & logsurfer
Blind shot:
...missed, unfortunately :-(
'(.*snort:.*)' - - - 0 report "/usr/lib/sendmail -F ALERT@domain.com psnizek \"security alert: $1\"" "$1"
I tried that. Result is the string gets tokenized and every token becomes part of the receiver's email address, such as: security@domain.com alert@domain.com . . . snort@domain.com and later psnizek@domain.com
Besides of that the mail body still is empty.
Philipp
Dirk
-----Original Message----- From: mailinglists [mailto:mailinglists@belfin.ch] Sent: Monday, June 02, 2003 9:57 PM To: suse-security@suse.com Subject: [suse-security] snort & logsurfer
Hi
I'm trying to build up an email alerting system with snort 2 and logsurfer 1.5. Basically it's working; I get the emails from the snort box when snort acction occurs in the messages log. Problem is, the mail bodies are empty.
That's the logsurfer command:
'(.*snort:.*)' - - - 0 report "/usr/lib/sendmail -F ALERT@domain.com psnizek "security alert: $1"" "$1"
please, can anybody help?
thanks a lot & kind regards,
Philipp
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here
-- Check the headers for your unsubscription address For additional commands, e-mail: suse-security-help@suse.com Security-related bug reports go to security@suse.de, not here