[Snort-users] Snort and real-time alerting

Lay, James james.lay at ...15009...
Wed May 23 10:57:16 EDT 2012


> -----Original Message-----
> From: Jeronimo L. Cabral [mailto:jelocabral at ...11827...]
> Sent: Wednesday, May 23, 2012 8:52 AM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Snort and real-time alerting
> 
> Something else: suppose I use logsurfer/swatch/logwatch to alert in
> real time on the Snort events. Actually I have nearly 5 events per minute.
> 
> What are the criteria to take just a small number of critical events from
> Snort? Because I have 20.000 signatures...
> 

Have the watching app look for specific things...perhaps only certain
classifications ("A Network Trojan was Detected") or something of the
like.

James
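
One way to apply the classification filter suggested above, as an added example that is not part of the original message: a small Python filter that parses Snort alert_fast lines and keeps only the chosen classifications. The log lines, SIDs, rule messages and the CRITICAL_CLASSES set are constructed for illustration; it assumes the alerts are written in the alert_fast line layout.

```python
import re
from typing import Iterable, Iterator, NamedTuple, Optional

# alert_fast layout:
# MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: text] [Priority: n] {PROTO} src -> dst
# The Classification bracket is absent when the rule carries no classtype.
ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"(?:\[Classification:\s*(?P<cls>[^\]]+)\]\s+)?"
    r"\[Priority:\s*(?P<prio>\d+)\]\s+"
    r"\{(?P<proto>[^}]+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

class Alert(NamedTuple):
    sid: int
    msg: str
    classification: Optional[str]
    priority: int
    src: str
    dst: str

# Assumption: which classifications count as critical is a local policy choice.
CRITICAL_CLASSES = frozenset({"A Network Trojan was Detected"})

def parse_alert(line: str) -> Optional[Alert]:
    """Return the parsed alert, or None for lines that are not alerts."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    cls = m["cls"].strip() if m["cls"] else None
    return Alert(int(m["sid"]), m["msg"], cls, int(m["prio"]), m["src"], m["dst"])

def critical_alerts(lines: Iterable[str], classes=CRITICAL_CLASSES) -> Iterator[Alert]:
    """Yield only alerts whose classification is in `classes`."""
    for line in lines:
        alert = parse_alert(line)
        if alert is not None and alert.classification in classes:
            yield alert

# Constructed sample input (documentation IP ranges, made-up SIDs and messages).
SAMPLE_LOG = """\
05/23-10:57:16.100001  [**] [1:1000001:1] EXAMPLE trojan check-in (constructed) [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.0.2.10:49152 -> 203.0.113.5:80
05/23-10:57:17.200002  [**] [1:1000002:2] EXAMPLE ping sweep (constructed) [**] [Classification: Misc activity] [Priority: 3] {ICMP} 198.51.100.7 -> 192.0.2.10
05/23-10:57:18.300003  [**] [1:1000003:1] EXAMPLE rule without classtype (constructed) [**] [Priority: 0] {UDP} 192.0.2.11:53 -> 192.0.2.10:33000
snort[1234]: not an alert line
05/23-10:57:19.400004  [**] [1:1000004:5] EXAMPLE trojan beacon (constructed) [**] [Classification: A Network Trojan was Detected] [Priority: 1] {TCP} 192.0.2.12:50000 -> 203.0.113.9:443
"""

if __name__ == "__main__":
    for a in critical_alerts(SAMPLE_LOG.splitlines()):
        print(f"ALERT sid={a.sid} prio={a.priority} {a.src} -> {a.dst}: {a.msg}")
```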



