[Snort-users] Snort setting off my pager

Michael W. Lucas mwlucas at ...10903...
Fri Jan 16 12:41:03 EST 2004


I'm looking for a way to have Snort set off my pager under certain
circumstances -- say, when we get > attacks or >Y portscans per

One tool I've seen is Snort Alert Manager, but I'm looking for
something that runs in a "daemon" or "cron" mode.  I don't think I
have a single X display continuously running in this facility, and I
want to be able to confirm it is still running correctly.

Is there a better enterprise-level tool out there for this sort of
real-time alerting, preferably one that supports different clipping
levels for different sorts of activity?



Michael Lucas		mwlucas at ...484..., mwlucas at ...10902...
Today's chance of throwing it all away to start a goat farm: 41.8%
           Absolute OpenBSD:   http://www.AbsoluteOpenBSD.com/

More information about the Snort-users mailing list