Posted by:dragorn
Subject:alert logs
Date:15:51:54 07/09/2011

> Hi,
> First of all, thanks for the great job on kismet.
> I have read the documentation and the forum and I would like to know how to read the alert logs. I use version 2008.05.R1 which is newcore I believe. According to the forum, this version logs the alerts.

No; this version is extremely old. It's from 2008. The latest release is 2011-03.

> I use kismet server in background (--daemonize) as a wifi IDS. I know that alerts are reported to the client (cf forum) but I would like to have them logged to trigger actions (send mail for example). I see .cisco .dump .xml, .csv and .weak log files. What can I grep in what files to find that an alert has been raised?

Newcore logs alerts; you're not running newcore.

Trying to grep active files isn't the best since the latest alerts may not be visible (OS file io buffering).

I'd suggest upgrading to newcore, then looking at some of the example network scripts - there's enough in the ruby/ directory to make a little network daemon that acts as a kismet client and throws alerts into whatever triggers you want, for example. Probably about 10 lines of code to do so.
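The kind of small alert-forwarding client the reply describes, written here as an added example; it is not code from the post or from the kismet ruby/ directory. It assumes the newcore server listens on TCP 2501, accepts a `!0 ENABLE ALERT *` subscription, and emits alert sentences as `*ALERT: sec usec header bssid source dest other channel \x01text\x01` with free-form text wrapped in \x01 delimiters; that field order, the port, and the alert names in the watch list (DEAUTHFLOOD, DISASSOCTRAFFIC) are assumptions to check against your server's protocol. The sample alert line is constructed.

```ruby
require 'socket'

# Assumed newcore wire format (not stated in the post): one alert per line,
#   *ALERT: <sec> <usec> <header> <bssid> <source> <dest> <other> <channel> \x01<text>\x01
# Field order and the \x01 text delimiters are assumptions about the protocol.
ALERT_FIELDS = %w[sec usec header bssid source dest other channel].freeze

# Constructed sample line, used for offline testing of the parser.
SAMPLE_ALERT = "*ALERT: 1310076000 123 DEAUTHFLOOD 00:11:22:33:44:55 " \
               "00:11:22:33:44:55 FF:FF:FF:FF:FF:FF 00:00:00:00:00:00 6 " \
               "\x01Deauth flood detected\x01\n".freeze

# Parse one server line. Returns a Hash for *ALERT: sentences, nil for
# anything else (*KISMET:, *TIME:, *ACK:, ...), so the caller can ignore them.
def parse_alert_line(line)
  return nil unless line.start_with?('*ALERT: ')
  body = line.sub('*ALERT: ', '').chomp
  text = nil
  if (m = body.match(/\x01(.*?)\x01/m))
    text = m[1]
    body = body.sub(m[0], '').strip   # remove the text so spaces in it don't split fields
  end
  values = body.split(' ')
  return nil if values.length < ALERT_FIELDS.length
  alert = Hash[ALERT_FIELDS.zip(values)]
  alert['text'] = text
  alert
end

# Decide whether an alert should fire an action: here, any alert whose header is
# in the watch list (assumed Kismet alert names). Returns a message or nil.
def alert_action(alert, watch = %w[DEAUTHFLOOD DISASSOCTRAFFIC])
  return nil if alert.nil?
  return nil unless watch.include?(alert['header'])
  "#{alert['header']} from #{alert['source']} on ch #{alert['channel']}: #{alert['text']}"
end

# Connect to a running newcore server, subscribe to ALERT sentences and yield a
# message for each matching alert. Reading the live socket avoids the file
# buffering problem of grepping the log files mentioned above.
def run_alert_client(host = 'localhost', port = 2501)
  sock = TCPSocket.new(host, port)
  sock.puts '!0 ENABLE ALERT *'          # assumed subscription syntax
  sock.each_line do |line|
    action = alert_action(parse_alert_line(line))
    yield action if action
  end
ensure
  sock.close if sock
end

if __FILE__ == $PROGRAM_NAME
  run_alert_client do |msg|
    # Replace this with your trigger: sendmail, logger(1), a webhook, etc.
    puts "[kismet-alert] #{msg}"
  end
end
```

Run it as a daemon next to kismet_server; anything that is not an `*ALERT:` sentence is dropped, and the watch list keeps noisy alert types from firing your trigger.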

