[Snort-users] alarm levels assigned to Snort rules

Kohlenberg, Toby toby.kohlenberg at ...1966...
Tue Jun 26 15:39:46 EDT 2001


I believe this is a planned (already exists?) feature for Snort 1.8.
If you can't wait, you can try changing the messages to include a
tag that defines the priority, then use swatch or logcheck to look
for those tags in the alert or syslog files and respond in any
way you like.

Toby

> -----Original Message-----
> From: tim.gray1 at ...2387... [mailto:tim.gray1 at ...2387...]
> Sent: Tuesday, June 26, 2001 12:07 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] alarm levels assigned to Snort rules
> 
> 
> Is there a utility or resource out there which somehow, (maybe by
> creating custom ruletypes), generates alarm levels for different attacks?
> 
> Let me explain more: Say I want password-crack attack signatures to be
> considered a level 5 alarm, and if this signature is detected, it will
> execute a paging program and log the alarm to a database.
> If the attack signature is just an ftp attempt, I consider it a level 2
> and I want to only log the attempt to a file.
> 
> If anyone can provide some help with this, that would be great.
> 
> Tim
> 
> 
> 
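
The tag-and-watch approach suggested in the reply, sketched as an added example (not code from either poster or from the Snort project). It assumes a `[PRI:n]` tag has been placed in each rule's message text, treats level 5 and above as "page" and anything lower as "log only", and writes to hypothetical spool files that a pager or database loader would consume; the alert lines are constructed samples.

```shell
#!/bin/sh
# Added example: route Snort alert lines by a priority tag in the rule message.
# Assumptions: "[PRI:n]" tag format, threshold of 5, and the spool file names.

# Print the numeric level from a "[PRI:n]" tag, or nothing if the line is untagged.
alert_level() {
    printf '%s\n' "$1" | sed -n 's/.*\[PRI:\([0-9][0-9]*\)\].*/\1/p'
}

# Print the action for one alert line: page, log or untagged.
route_alert() {
    level=$(alert_level "$1")
    case "$level" in
        '') echo "untagged" ;;
        *)  if [ "$level" -ge 5 ]; then echo "page"; else echo "log"; fi ;;
    esac
}

# Split an alert file into spool files. $1 = alert file, $2 = output directory.
# page.queue would feed the pager and database loader, low.log is file-only,
# and untagged.log catches rules nobody has assigned a level to yet.
process_alerts() {
    while IFS= read -r line; do
        case $(route_alert "$line") in
            page) printf '%s\n' "$line" >> "$2/page.queue" ;;
            log)  printf '%s\n' "$line" >> "$2/low.log" ;;
            *)    printf '%s\n' "$line" >> "$2/untagged.log" ;;
        esac
    done < "$1"
}

# Constructed sample alert lines (not real Snort output).
sample_alerts() {
cat <<'EOF'
06/26-15:39:46.100000 [**] [PRI:5] password crack attempt [**] 10.0.0.5:1042 -> 10.0.0.9:23
06/26-15:40:02.200000 [**] [PRI:2] FTP attempt [**] 10.0.0.7:1100 -> 10.0.0.9:21
06/26-15:41:10.300000 [**] ICMP echo request [**] 10.0.0.7 -> 10.0.0.9
EOF
}

# Usage: sh route_alerts.sh <alert-file> <output-dir>
if [ "$#" -eq 2 ]; then
    process_alerts "$1" "$2"
fi
```

Keeping untagged alerts in their own file makes it visible when a new rule has been added without a level, instead of silently dropping it.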