These forums have been switched to read-only mode as of March 1, 2011. The content that already existed here will be retained for posterity. No new posts will be accepted here. For more information and for the address of the new forums, see this page: http://snort.org/community/groups

which function contains the code responsible for ALERT


 
mahmoud


Hi,
I need to know the portion of the program that is responsible for producing the alerts.
The reason is that I need to extract the source IP/MAC written in the alert. I also need to initiate a script that logs into a switch once an alert is produced. This script should shut down the port corresponding to the MAC extracted from the alert.

Why am I doing that?

Because I need an IPS at a level under the switch (no firewalls here)… I don’t know if snort inline can do so or not…

If anybody has other ideas, I’ll be pleased to hear them…

Thanks in advance.

