[Snort-users] AG

GDHough mr6re9 at ...6025...
Tue Nov 18 14:59:11 EST 2003


Alert Groups are a way for you to organize it all in some way that makes sense 
to you...I'm guessing. Some things like graphing will not function without 
Alert Groups. I think by putting an alert into an Alert Group, you are just 
name tagging it.

Once or twice a day I check for new alerts. I decide whether to keep them 
around or not. For some that I'm tracking, I designate an AG (give it a name 
and short description) and put it in. I just let ACID give the AG an ID; it 
starts at #1.

Use the AGs any way you want to. Have an AG for a specific machine, a certain 
time of the day or base it on the rule itself. As far as I know, YOU have to 
create the groups and manually populate them.

On Tuesday 18 November 2003 10:52, M.D. DeWar wrote:
> Hello,
> I am trying to figure out the AG stuff.
> I tried setting up an Alert Group but no way I did it right.
> I could not find any doc on snort.org.
>
> Where can I find out what to do and really what it does and all.

Do like I do and just hang out on the list and read the posts. After a couple 
years you'll have 15,000 or so posts to search for answers. Works for me.

farmer6re9
-- 
Eating Crow is better with MyCrowSauce




