[Snort-users] Snort setting off my pager

Michael W. Lucas mwlucas at ...10903...
Fri Jan 16 12:41:03 EST 2004


Hi,

I'm looking for a way to have Snort set off my pager under certain
circumstances -- say, when we get > attacks or >Y portscans per
minute.

One tool I've seen is Snort Alert Manager, but I'm looking for
something that runs in a "daemon" or "cron" mode.  I don't think I
have a single X display continuously running in this facility, and I
want to be able to confirm it is still running correctly.

Is there a better enterprise-level tool out there for this sort of
real-time alerting, preferably one that supports different clipping
levels for different sorts of activity?

Thanks,

==ml

-- 
Michael Lucas		mwlucas at ...484..., mwlucas at ...10902...
Today's chance of throwing it all away to start a goat farm: 41.8%
		http://www.BlackHelicopters.org/~mwlucas/
           Absolute OpenBSD:   http://www.AbsoluteOpenBSD.com/




More information about the Snort-users mailing list