Snort mailing list archives

Snort setting off my pager

From: "Michael W. Lucas" <mwlucas () blackhelicopters org>
Date: Fri, 16 Jan 2004 15:00:06 -0500


Hi,

I'm looking for a way to have Snort set off my pager under certain
circumstances -- say, when we get > attacks or >Y portscans per
minute.

One tool I've seen is Snort Alert Manager, but I'm looking for
something that runs in a "daemon" or "cron" mode.  I don't think I
have a single X display continuously running in this facility, and I
want to be able to confirm it is still running correctly.

Is there a better enterprise-level tool out there for this sort of
real-time alerting, preferably one that supports different clipping
levels for different sorts of activity?

Thanks,

==ml

-- 
Michael Lucas           mwlucas () FreeBSD org, mwlucas () BlackHelicopters org
Today's chance of throwing it all away to start a goat farm: 41.8%
                http://www.BlackHelicopters.org/~mwlucas/
           Absolute OpenBSD:   http://www.AbsoluteOpenBSD.com/


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort setting off my pager Michael W. Lucas (Jan 16)
- Re: Snort setting off my pager Jim Brown (Jan 17)
- <Possible follow-ups>
- RE: Snort setting off my pager Nick Duda (Jan 16)