[Snort-users] stopping snort
Don at ...5881...
Fri Dec 13 10:55:05 EST 2002
Has anyone found a way to stop snort, automatically, what i want to do is
have snort stop, if it gets more than 'x' alerts in a single hour, or some
time frame, then of course email me that it has stopped. i do go to syslog
with alerts. any suggestions. I have a particular sensor that periodically
starts alerting on something, that just causes a round robin effect, and
fills up the logs with the same error over and over and over, it gets really
boring actually. 'if' i can open the log. the logs have became as large as
2gig on occasion.
More information about the Snort-users