Re: AG

[GDHough <mr6re9 () execulink com>]

Alert Groups are a way for you to organize it all in some way that makes sense 
to you...I'm guessing. Some things like graphing will not function without 
Alert Groups. I think by putting an alert into an Alert Group, you are just 
name tagging it.

Once or twice a day I check for new alerts. I decide whether to keep them 
around or not. For some that I'm tracking, I designate an AG (give it a name 
and short description) and put it in. I just let ACID give the AG an ID, it 
starts at #1.

Use the AG's anyway you want to. Have an AG for a specific machine, a certain 
time of the day or base it on the rule itself. As far as I know, YOU have to 
create the groups and manually populate them.

On Tuesday 18 November 2003 10:52, M.D. DeWar wrote:
> Hello,
> I am trying to figure out the AG stuff.
> I tried setting up a Alert Group but no way I did it right.
> I could not find any doc on snort.org.
>
> were can I find out what to do and really what it does and all.

Do like I do and just hang out on the list and read the posts. After a couple 
years you'll have 15,000 or so posts to search for answers. Works for me.

farmer6re9
-- 
Eating Crow is better with MyCrowSauce



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users