[Snort-users] alarm levels assigned to Snort rules
toby.kohlenberg at ...1966...
Tue Jun 26 15:39:46 EDT 2001
I believe this is a planned (already exists?) feature for Snort 1.8.
If you can't wait, you can try changing the messages to include a
tag that defines the priority then use swatch or logcheck to look
for those tags in the alert or syslog files and respond in any
way you like.
> -----Original Message-----
> From: tim.gray1 at ...2387... [mailto:tim.gray1 at ...2387...]
> Sent: Tuesday, June 26, 2001 12:07 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] alarm levels assigned to Snort rules
> Is there a utility or resource out there which somehow (maybe by creating
> custom ruletypes) generates alarm levels for different attacks?
> Let me explain more: Say I want password-crack attack signatures to be
> considered a level 5 alarm, and if this signature is detected, it will
> execute a paging program and log the alarm to a database.
> If the attack signature is just an ftp attempt, I consider it a level 2 and
> I want to only log the attempt to a file.
> If anyone can provide some help with this, that would be great.
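The workaround suggested in the reply above, sketched as an added example that is not part of the original thread and is not swatch or logcheck: a small watcher that reads alert lines, pulls a priority tag out of the rule message, and routes each alert to the responses named in the question. The "[PRI<n>]" tag format, the sink names and the sample alert lines are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Assumed convention (not a Snort feature): each rule's msg begins with a
# "[PRI<n>]" tag, e.g. msg:"[PRI5] password crack attempt";
ALERT_RE = re.compile(r"\[\*\*\]\s*(?:\[PRI(\d+)\]\s*)?(.*?)\s*\[\*\*\]")

# Minimum level -> sinks, highest first. Levels 5 and 2 follow the question;
# the sink names stand in for a pager, a database and a flat file.
ROUTES = [(5, ("page", "database")), (2, ("file",))]
FALLBACK = ("file",)

# Constructed sample lines laid out like one-line Snort alerts.
SAMPLE_ALERTS = """\
06/26-15:39:46.101010 [**] [PRI5] password crack attempt [**] 192.0.2.10:4312 -> 192.0.2.20:23
06/26-15:40:02.202020 [**] [PRI2] ftp login attempt [**] 192.0.2.11:1044 -> 192.0.2.20:21
06/26-15:40:09.303030 [**] untagged rule message [**] 192.0.2.12:1050 -> 192.0.2.20:80
snort: some line that is not an alert
"""

def parse_alert(line):
    """Return (level or None, message) for an alert line, else None."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    level = int(m.group(1)) if m.group(1) else None
    return level, m.group(2)

def route(level):
    """Pick the sinks for the highest threshold the level reaches."""
    for threshold, sinks in ROUTES:
        if level >= threshold:
            return sinks
    return FALLBACK

def dispatch(lines):
    """Group alert messages by sink; untagged rules are kept for review."""
    out = defaultdict(list)
    for line in lines:
        parsed = parse_alert(line)
        if parsed is None:
            continue  # not an alert line
        level, msg = parsed
        for sink in (("untagged",) if level is None else route(level)):
            out[sink].append(msg)
    return dict(out)

if __name__ == "__main__":
    for sink, msgs in dispatch(SAMPLE_ALERTS.splitlines()).items():
        print(sink, msgs)
```

The tag comes from the rule's own message text rather than from packet contents, so the level is set by whoever maintains the rules; alerts from rules that were never tagged land in the "untagged" group instead of being dropped.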