[Snort-users] Snort and real-time alerting

JJC cummingsj at ...11827...
Wed May 23 15:45:19 EDT 2012


Tune that system.. I can fairly safely assume that if you have 20,000
rules enabled, you are looking for attacks against stuff that you
don't have.

JJC

On Wed, May 23, 2012 at 8:51 AM, Jeronimo L. Cabral
<jelocabral at ...11827...> wrote:
> Something else: suppose I use logsurfer/swatch/logwatch to alert in
> real time the Snorts events. Actually I have near 5 events per minute.
>
> What is the criteria to take just a few number of critical events of
> Snort ??? Because I have 20.000 signatures...
>
> On Wed, May 23, 2012 at 11:40 AM, Jeronimo L. Cabral
> <jelocabral at ...11827...> wrote:
>> What about Swatch ??? Is it more appropriate ???
>>
>> On Wed, May 23, 2012 at 11:13 AM, Lay, James <james.lay at ...15009...> wrote:
>>>> -----Original Message-----
>>>> From: Jeronimo L. Cabral [mailto:jelocabral at ...11827...]
>>>> Sent: Wednesday, May 23, 2012 8:10 AM
>>>> To: snort-users at lists.sourceforge.net
>>>> Subject: [Snort-users] Snort and real-time alerting
>>>>
>>>> Dear, I have a Snort 2.9 with Base running OK, but I need a real time
>>>> alerting mechanism via email if possible.
>>>>
>>>> How can I do that ??? Any extra module to use in that way ???
>>>>
>>>> Special thanks
>>>>
>>>> JeLo
>>>
>>> Log to fast alert then use wots/logsurfer/logwatch to tail/watch the
>>> file and email out.  Assuming linux/BSD/OSX.
>>>
>>> James
>>>
>>> ------------------------------------------------------------------------------
>>> Live Security Virtual Conference
>>> Exclusive live event will cover all the ways today's security and
>>> threat landscape has changed and how IT managers can respond. Discussions
>>> will include endpoint security, mobile security and the latest in malware
>>> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
>>> _______________________________________________
>>> Snort-users mailing list
>>> Snort-users at lists.sourceforge.net
>>> Go to this URL to change user options or unsubscribe:
>>> https://lists.sourceforge.net/lists/listinfo/snort-users
>>> Snort-users list archive:
>>> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>>>
>>> Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!




More information about the Snort-users mailing list