[Snort-users] How to Use Throttle when using Swatch for duplicate email alerts

Erek Adams erek at ...950...
Wed Apr 9 13:28:05 EDT 2003

On Wed, 9 Apr 2003, Sudhakar Gummadi wrote:

> I am using swatch to generate email alerts from the alert file comparing
> the string  /priority: 1/. In some instances the same alert is generated
> numerous times like 30 to 40 emails.
> I was wondering how can I specify using (throttle) for 10 to 15 min to
> ignore if it the same alert.
> Any examples would be really helpful.



Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

More information about the Snort-users mailing list