[Snort-users] RE: Quick poll: favorite snort config?

Petriz, Pablo ppetriz at ...3815...
Wed Jan 15 05:02:02 EST 2003

> Subject: Re: [Snort-users] Quick poll: favorite snort config?
> From: Shane Hickey <shane at ...5522...>
> Date: 14 Jan 2003 16:51:12 -0700
> <snip>
> I use swatch to watch syslog and e-mail me Priority: 1 alerts and Snort
> <snip>


I'm using swatch too but i'm having troubles with the throttle option:

Error: Date::Calc::Delta_DHMS(): not a valid time at
/root/.swatch_script.4390 line 227.

I've found a patch at http://plaza8.mbn.or.jp/~yswww/myself/swatch.patch,
but it didn´t work. 

Throttle let swatch send only 1 message when more than 1 similar alerts
happens btwn a given time lapse.

Any ideas?


More information about the Snort-users mailing list