mr6re9 at ...6025...
Tue Nov 18 14:59:11 EST 2003
Alert Groups are a way for you to organize it all in some way that makes sense
to you...I'm guessing. Some things like graphing will not function without
Alert Groups. I think by putting an alert into an Alert Group, you are just
name tagging it.
Once or twice a day I check for new alerts. I decide whether to keep them
around or not. For some that I'm tracking, I designate an AG (give it a name
and short description) and put it in. I just let ACID give the AG an ID, it
starts at #1.
Use the AGs any way you want to. Have an AG for a specific machine, a certain
time of the day or base it on the rule itself. As far as I know, YOU have to
create the groups and manually populate them.
On Tuesday 18 November 2003 10:52, M.D. DeWar wrote:
> I am trying to figure out the AG stuff.
> I tried setting up an Alert Group but no way I did it right.
> I could not find any doc on snort.org.
> Where can I find out what to do and really what it does and all.
Do like I do and just hang out on the list and read the posts. After a couple
years you'll have 15,000 or so posts to search for answers. Works for me.
Eating Crow is better with MyCrowSauce