Snort mailing list archives

Previous By Date Next
Previous By Thread Next

RE: Snort setting off my pager

From: "Nick Duda" <nduda () VistaPrint com>
Date: Fri, 16 Jan 2004 16:00:06 -0500
This can be done pretty easy depending on your pager. I use Swatch to
send alerts to my pagers email address. Swatch can do thresholding also
making it "go easy on the pages". Swatch can be run in the background
and started on bootup.

- Nick 

-----Original Message-----
From: Michael W. Lucas [mailto:mwlucas () blackhelicopters org] 
Sent: Friday, January 16, 2004 3:00 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Snort setting off my pager


Hi,

I'm looking for a way to have Snort set off my pager under certain
circumstances -- say, when we get > attacks or >Y portscans per minute.

One tool I've seen is Snort Alert Manager, but I'm looking for something
that runs in a "daemon" or "cron" mode.  I don't think I have a single X
display continuously running in this facility, and I want to be able to
confirm it is still running correctly.

Is there a better enterprise-level tool out there for this sort of
real-time alerting, preferably one that supports different clipping
levels for different sorts of activity?

Thanks,

==ml

-- 
Michael Lucas           mwlucas () FreeBSD org,
mwlucas () BlackHelicopters org
Today's chance of throwing it all away to start a goat farm: 41.8%
                http://www.BlackHelicopters.org/~mwlucas/
           Absolute OpenBSD:   http://www.AbsoluteOpenBSD.com/


-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on
Open Tools Development and Integration See the breadth of Eclipse
activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




-------------------------------------------------------
The SF.Net email is sponsored by EclipseCon 2004
Premiere Conference on Open Tools Development and Integration
See the breadth of Eclipse activity. February 3-5 in Anaheim, CA.
http://www.eclipsecon.org/osdn
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: