Snort mailing list archives
Alerting concept...
From: peter.grosse-hering () ps ge com
Date: Thu, 11 Dec 2003 05:21:54 -0500
Hi,

Currently we're using 2 types of rules, the "alert" rules and the "log" rules, and ignore rule priority completely. We log on alerts to syslog and use swatch to send out notifications. For statistical purposes, we log both kinds of events to a mysql database.

Is this a usual concept to distinguish between "alert" and "log" rules instead of priority, or is it recommended to base notification on the rule priority? What are the advantages/disadvantages?

Peter