[Snort-users] Snort 1.7 and alerts

shawn . moyer shawn at ...1184...
Mon Mar 5 15:23:33 EST 2001

Best way (IMHO) would be to log to syslog and use Swatch or Logcheck.

I've used Logcheck myself for this in the past, but IIRC both of these
will allow you to set a threshold to do a mail alert with.

Since you can do syslog in addition to either db or "packet tree"
alerting this should work for both of you.


> Claude Bailey wrote:
> Did anyone ever respond to the query below?  I'm looking for the same
> thing but I'm not logging to a database
> -----Original Message-----
> From: John Johnson [mailto:john at ...599...]
> Sent: Thursday, February 22, 2001 4:44 PM
> To: snort-users at lists.sourceforge.net
> Subject: [Snort-users] Snort 1.7 and alerts
> Is there a way I can set snort to send emails to a list of addresses
> when say it gets an alert 15 times in say 5 minutes
> from a single host? I am running snort 1.7 on Mandrake 7.2 logging
> alerts to a MySQL Database
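
The threshold asked about in this thread (15 alerts in 5 minutes from a single host), applied to Snort alerts read from syslog, as an added example that is not part of the original messages and is not Swatch or Logcheck configuration. The syslog line layout, the sample lines, and the names `find_bursts` and `sample_lines` are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed line shape (constructed, not taken from the thread):
#   "Mar  5 15:00:00 sensor snort: <message>: SRC[:port] -> DST[:port]"
LINE_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ snort(?:\[\d+\])?: "
    r".*?(?P<src>\d+\.\d+\.\d+\.\d+)(?::\d+)? -> ")


def find_bursts(lines, threshold=15, window=timedelta(minutes=5), year=2001):
    """Return (time, source, count) each time one source reaches the threshold.

    Classic syslog timestamps carry no year, so one is supplied by the caller.
    """
    recent = defaultdict(deque)   # source address -> timestamps inside the window
    bursts = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue              # not a Snort alert line in the assumed layout
        ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:  # slide the window: drop alerts older than 5 min
            q.popleft()
        if len(q) >= threshold:
            bursts.append((ts, m["src"], len(q)))
            q.clear()             # re-arm so one burst produces one notification
    return bursts


def sample_lines():
    """Constructed input: one source alerting every 10 s, one once a minute."""
    fmt = "Mar  5 15:{:02d}:{:02d} sensor snort: IDS test alert: {}:1025 -> 192.0.2.10:80"
    fast = [fmt.format(s // 60, s % 60, "198.51.100.5") for s in range(0, 150, 10)]
    slow = [fmt.format(m, 30, "198.51.100.9") for m in range(15)]
    return sorted(fast + slow)    # fixed-width timestamps sort chronologically


if __name__ == "__main__":
    for when, src, count in find_bursts(sample_lines()):
        # A mailer would be called here; printing keeps the example offline.
        print(f"{when:%b %d %H:%M:%S} {src}: {count} alerts within 5 minutes")
```

Clearing the queue after a hit keeps a sustained burst from generating one mail per additional alert; the slow source never trips the threshold because at most six of its alerts fall inside any 5-minute window.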
