[Snort-users] How to Use Throttle when using Swatch for duplicate email alerts
erek at ...950...
Wed Apr 9 13:28:05 EDT 2003
On Wed, 9 Apr 2003, Sudhakar Gummadi wrote:
> I am using swatch to generate email alerts from the alert file comparing
> the string /priority: 1/. In some instances the same alert is generated
> numerous times like 30 to 40 emails.
> I was wondering how can I specify using (throttle) for 10 to 15 min to
> ignore if it the same alert.
> Any examples would be really helpful.
"When things get weird, the weird turn pro." H.S. Thompson
More information about the Snort-users