Morpheus

Technical Advisory: Configuring Email Notifications for Rules Updates


The WinIDS installation includes a Rules Updater utility (located in the WinSnort group in the Start Menu). By default, this utility performs a standard rule sync with Sourcefire and applies updates automatically.

For administrators who require remote monitoring, the utility includes an optional Email Utility. When activated, it sends a status report to a designated email address, confirming whether the rules were updated, were already current, or failed with a validation error.


Configuration Procedure

To activate and configure the email notification system, follow these steps:

1. Open the Script for Editing

Navigate to your WinIDS installation directory and locate the PowerShell script:

  • Path: \scripts\rules-update.ps1
  • Action: Right-click the file and select Edit (or open it with Notepad/VS Code).

2. Enable the Mail Utility

Locate the User Configuration section at the top of the script. Change the $sendmail value from 0 to 1:

$sendmail = 1  # Activates the email reporting feature

3. Configure SMTP Settings

Input your mail server details between the quotes in the configuration block:

  • $smtpServer: Your mail server address (e.g., smtp.gmail.com or internal relay IP).
  • $smtpPort: Use 587 for SSL/TLS or 25 for standard internal relays.
  • $smtpUser / $smtpPassword: Enter valid credentials if your server requires authentication.
  • $from / $to: Enter the sender and recipient email addresses.

4. Save and Test

  1. Save the file.
  2. Open the Start Menu and navigate to the WinSnort group.
  3. Click the Rules Updater link to execute the script.
  4. Observe the console output. If successful, you will see:

An Email report of the Rules update has been sent...


Troubleshooting & Support

  • Execution Policy: Ensure the script is run with Administrative privileges.
  • Port Blocking: If using Port 25, ensure your antivirus or firewall is not blocking outbound SMTP traffic from PowerShell.
  • Logs: Check the \pulledpork\log\ folder for detailed execution logs if an update fails.
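
To check the step 3 values before running the Rules Updater, and to tell a blocked port apart from a mail server problem, the following added example (not part of rules-update.ps1 or the WinIDS distribution) connects to the configured server and reports whether it answers and advertises STARTTLS. The function name Test-SmtpEndpoint and the sample host are assumptions; only $smtpServer and $smtpPort come from the script's configuration block.

```powershell
# Added example: pre-flight check for the SMTP values entered in step 3.
# The host below is a placeholder; substitute the values from your script.
$smtpServer = 'smtp.example.com'
$smtpPort   = 587

function Test-SmtpEndpoint {   # hypothetical helper, not a WinIDS function
    param([string]$Server, [int]$Port, [int]$TimeoutMs = 5000)

    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Connect with a timeout so a filtered port fails fast
        $async = $client.BeginConnect($Server, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            return [pscustomobject]@{ Reachable = $false; StartTls = $false
                                      Detail = 'connect timed out (port filtered?)' }
        }
        $client.EndConnect($async)   # throws if the connection was refused

        $stream = $client.GetStream()
        $stream.ReadTimeout = $TimeoutMs
        $reader = New-Object System.IO.StreamReader($stream)
        $writer = New-Object System.IO.StreamWriter($stream)
        $writer.NewLine = "`r`n"; $writer.AutoFlush = $true

        # The greeting may span several "220-" lines; keep the final one
        do { $banner = $reader.ReadLine() } while ($banner -match '^220-')

        # EHLO replies are "250-..." lines ending with one "250 ..." line
        $writer.WriteLine("EHLO $env:COMPUTERNAME")
        $caps = @()
        do { $line = $reader.ReadLine(); $caps += $line } while ($line -match '^250-')
        $writer.WriteLine('QUIT')

        [pscustomobject]@{
            Reachable = $true
            StartTls  = [bool]($caps -match '^250[ -]STARTTLS')
            Detail    = $banner
        }
    }
    catch {
        [pscustomobject]@{ Reachable = $false; StartTls = $false
                           Detail = $_.Exception.Message }
    }
    finally { $client.Close() }
}

$result = Test-SmtpEndpoint -Server $smtpServer -Port $smtpPort
$result | Format-List
if ($result.Reachable -and -not $result.StartTls) {
    Write-Warning 'No STARTTLS offered: anything sent on this port, including $smtpUser / $smtpPassword, is unencrypted.'
}
```

Run it from the same account and host that runs the Rules Updater, so the result reflects the same firewall and antivirus rules.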

Technical Support:

If you encounter issues during setup, please visit the WinSnort.com Forums under the Auto-Installer section for community-led support and troubleshooting tips.
