[Snort-sigs] filtering with snortsam after more than one match

Alexandru Balan jay at ...1722...
Mon Dec 8 04:15:06 EST 2003


Let's say I have a rule that outputs to fwsam, which filters out the
offending IP. Is there a way to make it output to fwsam after 5 matches
on that sig?
For example, I want snortsam to filter out the offending IP if snort
detects more than 5 identical matches on a signature per 3 seconds or
something like that. Any help would be much appreciated.

My goal is to brush up my logs a little and have snortsam keep my
logfiles in decent limits. 
 
-- 
Jay
Public GnuPG key AAB551A4 available at
http://www.ines.ro/public_keys/jay.gpg