[Snort-users] Snort 1.7 and alerts
shawn . moyer
shawn at ...1184...
Mon Mar 5 15:23:33 EST 2001
Best way (IMHO) would be to log to syslog and use Swatch.
I've used Logcheck myself for this in the past, but IIRC both of these
will allow you to set a threshold to do a mail alert with.
Since you can do syslog in addition to either db or "packet tree"
alerting this should work for both of you.
> Claude Bailey wrote:
> Did anyone ever respond to the query below? I'm looking for the same
> thing but I'm not logging to a database.
> -----Original Message-----
> From: John Johnson [mailto:john at ...599...]
> Sent: Thursday, February 22, 2001 4:44 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort 1.7 and alerts
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> Is there a way I can set snort to send emails to a list of addresses
> when, say, it gets an alert 15 times in, say, 5 minutes
> from a single host? I am running snort 1.7 on Mandrake 7.2, logging
> alerts to a MySQL database.
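
The threshold asked about in this thread (15 alerts from one host inside 5 minutes, mailed to a list), sketched over syslog output as an added example that is not part of the original messages and is not Swatch or Logcheck configuration. The syslog line layout, the sample addresses and the function names are assumptions, and input lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta
from email.message import EmailMessage

# Assumed layout: "Mon DD HH:MM:SS host snort[pid]: msg: SRC[:port] -> DST[:port]"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+\s[\d:]{8})\s\S+\ssnort(?:\[\d+\])?:.*?"
    r"(?P<src>\d{1,3}(?:\.\d{1,3}){3})(?::\d+)?\s->\s"
)

def hosts_over_threshold(lines, count=15, window=timedelta(minutes=5), year=2001):
    """Return {src_ip: time at which the count-th alert inside `window` arrived}."""
    recent = defaultdict(deque)      # src_ip -> timestamps still inside the window
    tripped = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue                 # not a Snort alert line
        # syslog timestamps carry no year, so one is supplied by the caller
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] >= window:   # drop alerts that fell out of the window
            q.popleft()
        if len(q) >= count and m["src"] not in tripped:
            tripped[m["src"]] = ts   # report each host once
    return tripped

def build_mail(src, when, recipients, count=15):
    """Compose (not send) one notification addressed to the whole list."""
    msg = EmailMessage()
    msg["Subject"] = f"snort: {count}+ alerts from {src} within window"
    msg["To"] = ", ".join(recipients)
    msg.set_content(f"Threshold reached for {src} at {when:%b %d %H:%M:%S}.")
    return msg

def sample_lines():
    """Constructed log: 10.0.0.5 alerts every 10 s, 10.0.0.9 once a minute."""
    t0 = datetime(2001, 3, 5, 15, 0, 0)
    noisy = [(t0 + timedelta(seconds=10 * i), "10.0.0.5") for i in range(15)]
    slow = [(t0 + timedelta(minutes=i), "10.0.0.9") for i in range(15)]
    return [f"{t:%b %d %H:%M:%S} ids snort: constructed alert: {ip}:1025 -> 192.168.1.2:80"
            for t, ip in sorted(noisy + slow)]
```

The host that sends 15 alerts spread over 14 minutes never trips the threshold, because old timestamps are evicted before the count is checked.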