Send Suricata alerts via e-mail or ntfy

#intrusion detection #security #e-mail #cyber security #defensive security

Suricata is a great piece of software, but if you want to be notified of alerts rather than just having them logged, you need to add an extra mechanism. Here is a Python script which monitors the Suricata fast log and sends out notifications via e-mail or to an ntfy server.

You can install the script the following way:

1. wget https://github.com/gobiodon/scripts/blob/main/suriwatcher.py (note that a `/blob/` URL returns GitHub's rendered HTML page; to fetch the script itself, request the raw file, e.g. by replacing `/blob/` with `/raw/` in the URL)

2. Change the path to the Suricata logfile in the script (if necessary) and set the email_from/email_to variables so you receive e-mails on new alerts.

3. Run the script in the background like:

# nohup python3 suriwatcher.py &

You can also create a systemd service to start the program at system startup. If you have a self-hosted ntfy server, you can receive alerts through that as well.
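To make the mechanism concrete, here is an added example of such a watcher. It is not the suriwatcher.py from the linked repository but code written for this article: it parses Suricata's fast.log line format (including the `[Drop]` action marker Suricata writes in IPS mode), filters on the alert priority so low-severity noise does not page anyone, tails the file while surviving logrotate, and hands each qualifying alert to an e-mail or ntfy sender. The log path, SMTP relay, ntfy URL, token handling and the sample log line are assumptions for illustration.

```python
"""Added example: watch Suricata's fast.log and push alerts by e-mail or ntfy.
Written for this article; it is not the suriwatcher.py from the linked repository.
Paths, SMTP/ntfy settings and the sample log line below are constructed assumptions."""
import os
import re
import smtplib
import time
import urllib.request
from email.message import EmailMessage

# Layout of a fast.log line as written by Suricata's alert-fastlog output
# (the first bracket holds "**", or "Drop"/"wDrop" when running as an IPS).
FAST_LOG_RE = re.compile(
    r"^(?P<ts>\d{2}/\d{2}/\d{4}-\d{2}:\d{2}:\d{2}\.\d+)\s+"
    r"\[(?P<action>\*\*|Drop|wDrop)\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+"
    r"(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<classification>[^\]]*)\]\s+)?"
    r"\[Priority:\s*(?P<priority>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)

# Constructed sample line (RFC 5737 addresses, placeholder local SID), not real traffic.
SAMPLE_LINE = (
    "05/03/2024-14:22:31.123456  [**] [1:1000001:1] LOCAL Example alert for testing "
    "[**] [Classification: Potentially Bad Traffic] [Priority: 2] "
    "{TCP} 192.0.2.10:443 -> 198.51.100.5:51234"
)


def parse_fast_log_line(line):
    """Return a dict of alert fields, or None for lines that are not alerts."""
    m = FAST_LOG_RE.match(line.rstrip("\n"))
    if not m:
        return None
    alert = m.groupdict()
    alert["priority"] = int(alert["priority"])
    alert["sid"] = int(alert["sid"])
    if alert["classification"] in (None, "(null)"):
        alert["classification"] = "unclassified"
    return alert


def should_notify(alert, max_priority=2):
    """Suricata priority 1 is the most severe; only notify for priorities <= max_priority."""
    return alert["priority"] <= max_priority


def format_notification(alert):
    """Subject/body pair shared by the e-mail and ntfy senders."""
    subject = f"[Suricata P{alert['priority']}] {alert['msg']}"
    body = (
        f"{alert['ts']} {alert['action']} sid={alert['sid']} "
        f"{alert['proto']} {alert['src']} -> {alert['dst']}\n"
        f"Classification: {alert['classification']}"
    )
    return subject, body


def send_email(subject, body, smtp_host="localhost",
               email_from="suricata@example.com", email_to="soc@example.com"):
    """Plain SMTP submission to a local relay (assumed settings)."""
    msg = EmailMessage()
    msg["Subject"], msg["From"], msg["To"] = subject, email_from, email_to
    msg.set_content(body)
    with smtplib.SMTP(smtp_host) as smtp:
        smtp.send_message(msg)


def send_ntfy(subject, body, url="https://ntfy.example.com/suricata", token=None):
    """POST to an ntfy topic; Title/Priority/Tags headers are part of ntfy's publish API."""
    headers = {"Title": subject, "Priority": "high", "Tags": "rotating_light"}
    if token:  # self-hosted servers with access control accept a bearer token
        headers["Authorization"] = f"Bearer {token}"
    req = urllib.request.Request(url, data=body.encode(), headers=headers, method="POST")
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.status


def follow(path, poll=1.0):
    """Yield new lines appended to path; reopen after logrotate replaces or truncates it."""
    fh = open(path, "rb")
    fh.seek(0, os.SEEK_END)
    inode = os.fstat(fh.fileno()).st_ino
    while True:
        line = fh.readline()
        if line:
            yield line.decode("utf-8", "replace")
            continue
        try:
            st = os.stat(path)
            if st.st_ino != inode or st.st_size < fh.tell():  # rotated or truncated
                fh.close()
                fh = open(path, "rb")
                inode = os.fstat(fh.fileno()).st_ino
                continue
        except FileNotFoundError:
            pass  # between logrotate's rename and Suricata reopening; retry
        time.sleep(poll)


def main(path="/var/log/suricata/fast.log", senders=(send_ntfy,)):
    """Tail the log and dispatch every alert that passes the priority filter."""
    for line in follow(path):
        alert = parse_fast_log_line(line)
        if alert and should_notify(alert):
            subject, body = format_notification(alert)
            for send in senders:
                send(subject, body)


if __name__ == "__main__":
    main()
```

Run it as root (or as a user that can read fast.log) and pass `senders=(send_email, send_ntfy)` to `main()` if you want both channels. The rotation check matters in practice: Suricata reopens fast.log on SIGHUP after logrotate, and a naive tail that keeps the old file descriptor silently stops seeing alerts.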