[Snort-users] Snort setting off my pager
Michael W. Lucas
mwlucas at ...10903...
Fri Jan 16 12:41:03 EST 2004
I'm looking for a way to have Snort set off my pager under certain
circumstances -- say, when we get > attacks or >Y portscans per
One tool I've seen is Snort Alert Manager, but I'm looking for
something that runs in a "daemon" or "cron" mode. I don't think I
have a single X display continuously running in this facility, and I
want to be able to confirm it is still running correctly.
Is there a better enterprise-level tool out there for this sort of
real-time alerting, preferably one that supports different clipping
levels for different sorts of activity?
Michael Lucas mwlucas at ...484..., mwlucas at ...10902...
Today's chance of throwing it all away to start a goat farm: 41.8%
Absolute OpenBSD: http://www.AbsoluteOpenBSD.com/
More information about the Snort-users