We've been using snort with ACID as a front-end and MySQL as the 
back-end with great success. ACID has a feature that allows you to 
export the alerts as an email, along with any custom message. For us, 
they look something like this:

---snip---
The following logs are in the EDT timezone (GMT-5). Please investigate 
and report back.

Thank you.

Nathan W. Labadie
Sr. Security Specialist
C&IT Security Office
Wayne State University
http://security.wayne.edu

Generated by ACID v0.9.6b20 on Mon January 07, 2002 08:36:42

#1-3916| [2002-01-07 08:04:34] 216.47.152.201:722 -> xxx.xxx.xxx.xx:111 
[arachNIDS/24]  RPC portmap request ttdbserv
#1-3921| [2002-01-07 08:08:27] 216.47.152.201:768 -> xxx.xxx.xxx.xx:111 
[arachNIDS/24]  RPC portmap request ttdbserv
#1-3951| [2002-01-07 08:08:31] 216.47.152.201:769 -> xxx.xxx.xxx.xx:111 
[arachNIDS/24]  RPC portmap request ttdbserv
---snip---

More information can be found here:
http://www.snort.org
http://www.andrew.cmu.edu/~rdanyliw/snort/snortacid.html

On Monday 07 January 2002 11:23 am, you wrote:
> I'd like to know if there is any kind of software that can, besides
> detecting DoS attacks, also report via any tool to the Administrator
> and/or ISP Abuse Email.

-- 
Nathan W. Labadie       | [EMAIL PROTECTED]      
Sr. Security Specialist | 313/577.2126
Wayne State University  | 313/577.1338 fax
C&IT Security Office: http://security.wayne.edu
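
Added example (not part of the original message, and not ACID's own code): a parser for alert lines in the layout of the export shown above, grouping them by source address so one abuse report can be written per source. The function names, the sample addresses and the reading of the "#1-3916" prefix as sensor and event ids are assumptions.

```python
import re
from datetime import datetime

# Constructed sample in the layout of the export above (documentation-range
# sources, masked destinations); two records are wrapped as a mail client would.
SAMPLE = """\
#1-3916| [2002-01-07 08:04:34] 192.0.2.10:722 -> xxx.xxx.xxx.xx:111
[arachNIDS/24]  RPC portmap request ttdbserv
#1-3921| [2002-01-07 08:08:27] 192.0.2.10:768 -> xxx.xxx.xxx.xx:111
[arachNIDS/24]  RPC portmap request ttdbserv
#1-3951| [2002-01-07 08:08:31] 198.51.100.7:769 -> xxx.xxx.xxx.xx:111 [arachNIDS/24]  RPC portmap request ttdbserv
"""

# Assumption: the "#1-3916" prefix is read as sensor id and event id.
ALERT_RE = re.compile(
    r"^#(?P<sensor>\d+)-(?P<event>\d+)\|\s+"
    r"\[(?P<ts>\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\]\s+"
    r"(?P<src>[\w.]+)(?::(?P<sport>\d+))?\s+->\s+"   # ports are optional (e.g. ICMP)
    r"(?P<dst>[\w.]+)(?::(?P<dport>\d+))?\s+"        # [\w.] also accepts masked hosts
    r"(?:\[(?P<ref>[^\]]+)\]\s+)?(?P<sig>.+)$")

def unwrap(text):
    """Rejoin records that were wrapped onto a continuation line."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("#"):          # a new alert record begins
            records.append(line)
        elif line and records:            # continuation of the previous record
            records[-1] += " " + line
    return records

def parse_alerts(text):
    alerts = []
    for rec in unwrap(text):
        m = ALERT_RE.match(rec)
        if m:                             # lines that are not alerts are skipped
            a = m.groupdict()
            a["ts"] = datetime.strptime(a["ts"], "%Y-%m-%d %H:%M:%S")
            alerts.append(a)
    return alerts

def summarize_by_source(alerts):
    summary = {}
    for a in alerts:
        blank = {"count": 0, "first": a["ts"], "last": a["ts"], "signatures": set()}
        s = summary.setdefault(a["src"], blank)
        s["count"] += 1
        s["first"], s["last"] = min(s["first"], a["ts"]), max(s["last"], a["ts"])
        s["signatures"].add(a["sig"])
    return summary
```

Pass only the alert block to parse_alerts: any non-blank line that follows the last alert (such as a "---snip---" marker) is treated as a continuation and ends up in that alert's signature text.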
