Mailinglist Archive: opensuse-security (363 mails)

RE: [suse-security] snort & logsurfer
  • From: "Dirk Schreiner" <dirk.schreiner@xxxxxxx>
  • Date: Tue, 3 Jun 2003 10:58:23 +0200
  • Message-id: <000101c329ae$49fafe20$9501010a@xxxxxxx>
Hi,

oehm, did not find that -F Parameter in
man sendmail ;-((

$1 is the line with the Error-Message, right?

If yes, then try the following:

"echo $1 | mail -s Security_Alert ALERT@xxxxxxxxxx"

if this works, try:

"echo $1 | mail -s \"Security_Alert: $1\" ALERT@xxxxxxxxxx"


Dirk


> -----Original Message-----
> From: mailinglists [mailto:mailinglists@xxxxxxxxx]
> Sent: Tuesday, June 03, 2003 7:24 AM
> To: Dirk Schreiner; suse-security@xxxxxxxx
> Subject: AW: [suse-security] snort & logsurfer
>
>
>
>
> > Blind shot:
>
> ...missed, unfortunately :-(
>
> > '(.*snort:.*)' - - - 0 report "/usr/lib/sendmail -F ALERT@xxxxxxxxxx
> > psnizek \"security alert: $1\"" "$1"
>
> I tried that. Result is the string gets tokenized and every
> token becomes part of the receiver's email address, such as:
> security@xxxxxxxxxx
> alert@xxxxxxxxxx
> .
> .
> .
> snort@xxxxxxxxxx
> and later
> psnizek@xxxxxxxxxx
>
> Besides that, the mail body is still empty.
>
> Philipp
>
> > Dirk
> >
> >
> > > -----Original Message-----
> > > From: mailinglists [mailto:mailinglists@xxxxxxxxx]
> > > Sent: Monday, June 02, 2003 9:57 PM
> > > To: suse-security@xxxxxxxx
> > > Subject: [suse-security] snort & logsurfer
> > >
> > >
> > > Hi
> > >
> > > I'm trying to build up an email alerting system with snort 2
> > > and logsurfer 1.5. Basically it's working; I get the emails
> > > from the snort box when snort action occurs in the messages
> > > log. Problem is, the mail bodies are empty.
> > >
> > > That's the logsurfer command:
> > >
> > > '(.*snort:.*)' - - - 0 report "/usr/lib/sendmail -F
> > > ALERT@xxxxxxxxxx psnizek "security alert: $1"" "$1"
> > >
> > >
> > > please, can anybody help?
> > >
> > > thanks a lot & kind regards,
> > >
> > > Philipp
> > >
> > > --
> > > Check the headers for your unsubscription address
> > > For additional commands, e-mail: suse-security-help@xxxxxxxx
> > > Security-related bug reports go to security@xxxxxxx, not here
> > >
> > >
>
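
An added example, not part of the original thread or of logsurfer: a small wrapper that puts the matched log line into both the subject and the body. It assumes the line arrives on standard input (for instance through logsurfer's `pipe` action). The function names and the addresses are hypothetical placeholders.

```shell
#!/bin/sh
# Added example (not from the thread): build an alert mail from one log line.
# Assumption: the matched line arrives on stdin; addresses are placeholders.

ALERT_FROM="alert@example.invalid"   # placeholder sender
ALERT_TO="admin@example.invalid"     # placeholder recipient

# Read one log line from stdin and print a complete mail message on stdout.
build_alert_mail() {
    # Take only the first line; fail on empty input so no blank mail is sent.
    IFS= read -r line || [ -n "$line" ] || return 1
    # Drop control characters (CR, TAB, ESC, ...) so text that reached the
    # log cannot start a new header line in the message.
    clean=$(printf '%s' "$line" | LC_ALL=C tr -d '\000-\037\177')
    # Cap the subject length; the full line still goes into the body.
    subject=$(printf '%s' "$clean" | cut -c1-120)
    printf 'From: %s\n' "$ALERT_FROM"
    printf 'To: %s\n' "$ALERT_TO"
    printf 'Subject: Security_Alert: %s\n' "$subject"
    printf '\n'
    printf '%s\n' "$clean"
}

# Deliver the message. With "sendmail -t" the recipients are read from the
# To: header built above, so tokens of the log line never become addresses.
send_alert() {
    build_alert_mail | /usr/lib/sendmail -t
}

# Run as "script --send" with the log line on stdin to deliver the mail.
if [ "${1:-}" = "--send" ]; then
    send_alert
fi
```

Because the log line is only ever data on stdin and never part of a command line, it is not split into arguments, and the body is no longer empty.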


