#
# Swatch configuration file
#
# Honeynet Project <project@honeynet.org>
# Last Modified 7 April, 2000
#
# swatch -c /etc/swatchrc -t /var/log/messages 
#

### Snort honeypot alerts from ids
watchfor /snort/
        echo bold

        # mail alert to admin
        mail addressess=alert,subject=--- Snort IDS Alert ---

        # Archive to two different files
        exec echo $0 >> /var/log/IDS-scans
        exec echo $0 >> /usr/local/apache/htdocs/wargames/scans/THIS_MONTH.txt

watchfor /(msadcs.dll|ism.dll|showcode.asp)/
        mail addressess=alert,subject--- NT IIS Alert ---
        exec echo $0 >> /var/log/IDS-scans
        exec echo $0 >> /usr/local/apache/htdocs/wargames/scans/THIS_MONTH.txt