Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Quick poll: favorite snort config?

From: "Petriz, Pablo" <ppetriz () siscat com ar>
Date: Wed, 15 Jan 2003 09:57:02 -0300
Subject: Re: [Snort-users] Quick poll: favorite snort config?
From: Shane Hickey <shane () howsyournetwork com>
Date: 14 Jan 2003 16:51:12 -0700

<snip>

I use swatch to watch syslog and e-mail me Priority: 1 alerts and Snort

<snip>


Shane,

I'm using swatch too but i'm having troubles with the throttle option:

Error: Date::Calc::Delta_DHMS(): not a valid time at
/root/.swatch_script.4390 line 227.

I've found a patch at http://plaza8.mbn.or.jp/~yswww/myself/swatch.patch,
but it didnĀ“t work. 

Throttle let swatch send only 1 message when more than 1 similar alerts
happens btwn a given time lapse.

Any ideas?


PABLO


-------------------------------------------------------
This SF.NET email is sponsored by: Take your first step towards giving
your online business a competitive advantage. Test-drive a Thawte SSL
certificate - our easy online guide will show you how. Click here to get
started: http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0027en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: