[Snort-users] Re: One for the Wishlist

Andrew R. Baker andrewb0x29a at ...131...
Wed Sep 20 17:32:19 EDT 2000


Nothing like responding to an old thread, but there is code in the current
dev branch that will take care of some of the multiple alert levels.  The
code allows you to define a new alert type based on one of the existing
types (alert, log, pass, etc.) and to assign distinct output plugins to
it.  This would allow you to define red_alert, yellow_alert, etc. and have
each use a different alert mechanism and a different log mechanism.  I
think its really cool (but then again I wrote the code) and it was
intended for this exact purpose (and some other things I was doing with
snort).  You can even specify what order all of the different alert types
are evaluated in.  I think I may even have documented some of this in my
old snort docs (http://www.dpo.uab.edu/~andrewb/snort), which may even get
updated someday.  And with Marty now in the group of the unemployed, Snort
1.7 should be coming out "any day now", right Marty?

-Andrew 


__________________________________________________
Do You Yahoo!?
Send instant messages & get email alerts with Yahoo! Messenger.
http://im.yahoo.com/



More information about the Snort-users mailing list