Snort mailing list archives
Re: Spade Alerts
From: James Hoagland <jim () SiliconDefense com>
Date: Sat, 1 Mar 2003 06:41:21 -0800
Mahdi,I'm not sure what you mean by the style of the alert changing. Perhaps you can give concrete examples.
In any case, the README.Spade file shows the format for the two different types of message strings you will get from Spade. (The rest of the alert is the same as signature alert.) The Usage.Spade file lists the activity descriptions (part of one of the message strings) that specific spade detector types will produce (look under the section describing any detector types you have enabled).
Best regards, Jim At 11:55 PM -0800 2/28/03, Mahdi Kefayati wrote:
In the Name of the Dearest Hi all, I've setup an snort instance and came up with starting and configuration problem and got it to report to mysql database. As I compared my alerts to the alert examples to documents the style of alerts is somehow changed. I have enabled threshold adaption but i do not know what I must see as threshold adaption alerts. If anyone has any kind of table for the alerts that can be seen, please, send it to me. Regards, Mahdi Kefayati __________________________________________________ Do you Yahoo!? Yahoo! Tax Center - forms, calculators, tips, more http://taxes.yahoo.com/ ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- |* Jim Hoagland, Associate Researcher, Silicon Defense *| |* --- Silicon Defense: The Cyberwar Defense Company --- *| |* jim () SiliconDefense com, http://www.silicondefense.com/ *| |* Voice: (530) 756-7317 Fax: (530) 756-7297 *| ------------------------------------------------------- This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven. http://thinkgeek.com/sf _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Spade Alerts Mahdi Kefayati (Mar 01)
- Re: Spade Alerts James Hoagland (Mar 01)