
I'm trying to make a script that triggers an action if 5 Snort rules were broken in a 24-hour interval.

I'm putting all my Snort logs in alert.log. Can someone help me make a script that monitors this file and does an action (echo, for example) if 5 new lines appear in that file in less than 24 hours?

After some research I think I found a different approach. Can someone help me with a simple script that counts entries, stops on the fifth and prints a message?

  • My first thought is that you can place each Snort line in a DB like MySQL with an ID based on the time the line was written, and then have a script that queries the database with a time query that says: if the result set is equal to or bigger than five for a 24h interval, do something. – Cristian Matthias Ambæk May 10 '18 at 08:55
  • I was thinking of a much simpler solution. Just a simple script that counts entries in a given file. If the count hits number 5 then echo something. – Weiss Willy May 10 '18 at 10:59
  • Sure, as long as you rotate your log file every 24 hours, but you did not specify if you did so, and then you need to be able to see what is old and what is new. – Cristian Matthias Ambæk May 10 '18 at 14:20
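Added example (not code from the question or the commenters): a Python script that counts alerts by their own timestamps in a sliding 24-hour window, so it does not depend on the log being rotated daily. It assumes alert.log is in Snort's "fast" alert format, where each line starts with `MM/DD-HH:MM:SS.ffffff` and carries no year; the sample lines below are constructed, not real Snort output.

```python
"""Count Snort fast-format alerts in a sliding 24-hour window and fire once
a threshold is reached.  Assumption: lines begin with the Snort "fast"
timestamp "MM/DD-HH:MM:SS.ffffff" (no year), as in the constructed samples."""
import re
from datetime import datetime, timedelta

TS_RE = re.compile(r"^(\d{2})/(\d{2})-(\d{2}):(\d{2}):(\d{2})\.(\d{6})")


def parse_ts(line, now):
    """Return the alert's datetime, or None if the line has no timestamp.
    Fast alerts carry no year, so borrow it from `now` and step back a
    year if that would place the alert in the future (year rollover)."""
    m = TS_RE.match(line)
    if not m:
        return None
    mon, day, hh, mm, ss, us = (int(x) for x in m.groups())
    ts = datetime(now.year, mon, day, hh, mm, ss, us)
    if ts > now:
        ts = ts.replace(year=now.year - 1)
    return ts


def count_recent(lines, now, window=timedelta(hours=24)):
    """Number of alert lines timestamped within `window` before `now`."""
    cutoff = now - window
    hits = 0
    for line in lines:
        ts = parse_ts(line, now)
        if ts is not None and cutoff <= ts <= now:
            hits += 1
    return hits


def threshold_hit(lines, now, threshold=5):
    """True once at least `threshold` alerts fall inside the window."""
    return count_recent(lines, now) >= threshold


# Constructed sample alert lines (not real Snort output); the first is >24h old.
SAMPLE = """\
05/08-08:00:00.000000  [**] [1:1000001:1] TEST rule A [**] [Priority: 3] {TCP} 10.0.0.5:4444 -> 10.0.0.1:22
05/09-09:10:00.000000  [**] [1:1000002:1] TEST rule B [**] [Priority: 3] {TCP} 10.0.0.5:4445 -> 10.0.0.1:22
05/09-12:00:00.000000  [**] [1:1000003:1] TEST rule C [**] [Priority: 2] {UDP} 10.0.0.6:53 -> 10.0.0.1:53
05/09-18:30:00.000000  [**] [1:1000001:1] TEST rule A [**] [Priority: 3] {TCP} 10.0.0.5:4446 -> 10.0.0.1:22
05/10-02:45:00.000000  [**] [1:1000004:1] TEST rule D [**] [Priority: 1] {TCP} 10.0.0.7:80 -> 10.0.0.1:8080
05/10-08:00:00.000000  [**] [1:1000002:1] TEST rule B [**] [Priority: 3] {TCP} 10.0.0.5:4447 -> 10.0.0.1:22
""".splitlines()

if __name__ == "__main__":
    now = datetime(2018, 5, 10, 8, 30)   # replace with datetime.now() in use
    if threshold_hit(SAMPLE, now):
        print(f"ALERT: {count_recent(SAMPLE, now)} Snort alerts in the last 24h")
```

To run it against the real file, replace `SAMPLE` with `open("alert.log").read().splitlines()` and `now` with `datetime.now()`, for example from cron.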

0 Answers