[Snort-sigs] filtering with snortsam after more then one match
jay at ...1722...
Mon Dec 8 04:15:06 EST 2003
let's say i have a rule that outputs to fwsam which filters out the
offending ip. Is there a way to make it ouptut to fwsam after 5 matches
on that sig ?
For example, i want snortsam to filter out the offending ip if snort
detects more then 5 identic matches on a signature per 3 seconds or
something like that. Any help would be much appreciated.
My goal is to brush up my logs a little and have snortsam keep my
logfiles in decent limits.
Public GnuPG key AAB551A4 available at
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 189 bytes
Desc: This is a digitally signed message part
More information about the Snort-sigs