[Snort-users] hits to pare down snort alerts

james the_saint_james at ...131...
Thu Oct 11 13:39:06 EDT 2001


I am running snort on the network of a statewide ISP. It's running in alert
mode. I have the switch set to broadcast the ports for several key servers.
I need some hints on how the edit down the traffic. Any help would be
appreciated, I am reading everything I can but I just got snort running
yesterday, and we were hacked overnight so I need some help in getting the
logs
down to a manageable size.





More information about the Snort-users mailing list