
How to monitor system with `snort` and send emails about `alerts`

1 vote
0 answers
2315 views
**PROBLEM:** I have been configuring snort on my systems and would like to get emails from the systems if there are any alerts. What I have tried is swatch, but I can't find much documentation on it; I can only find very basic and incomplete how-to sites and this onnocenter.or.id/wik. I created a service with systemd and set up swatch.conf, but it's not working.

swatchWATCH.service:

```ini
[Unit]
Description=Monitor Logfiles and send Mail reports
After=syslog.target network.target

[Service]
Type=simple
ExecStart=/usr/bin/swatch --config-file=/home/kristjan/.swatchrc --input-record-separator="\n \n " --tail-file=/var/log/snort/alert --daemon
Restart=always
#--tail-file=/var/log/auth.log
#./swatch -c /usr/local/.swatchrc -input-record-separator="\n \n " -p="tail -f /var/log/snort/alert " -daemon
#-c This option specifies the location of the .swatchrc file.
#
#---input-record-separator With this command-line option you can specify the delimiting boundary for each alert. By default it is the newline character, \n.
#
#-p This option is used to read information outputted directly from a command. You can use it to monitor the output of a command for specific events.
#
#-t This option specifies the file to be monitored for security events.
#
#---daemon Append this switch to enable daemon mode.

[Install]
WantedBy=multi-user.target
```

.swatchrc:

```
watchfor /Priority \:1/
  echo=normal
  mail=myemailATTgmail.com, subject=Snort Security Alert!

watchfor /Priority \:2/
  echo=normal
  mail=mymailATTgmail.com, subject=Snort Security Alert!
```

I have also looked at syslog-ng, but same thing: I've only found incomplete how-tos, and it looks to be very complicated.

**SPECS:** My systems are Debian Stretch 9.8 and snort is from the repositories. I also have logwatch installed and configured on the servers.
I send mail on my systems like this: `mail -s '"Subject: auth: FAILED su for root\n\n$_\n"' somethingATTgmail.com`

**QUESTION:** How can I get mail notifications from snort (my servers are set up to send email)? How would you do it? Where does snort log alerts (what file)?
Asked by somethingSomething (6209 rep)
May 6, 2019, 11:03 PM
Last activity: May 6, 2019, 11:33 PM