Snort mailing list archives
Re: Snort setting off my pager
From: Jim Brown <jpb () sixshooter v6 thrupoint net>
Date: Sat, 17 Jan 2004 12:28:23 -0500
* Michael W. Lucas <mwlucas () blackhelicopters org> [2004-01-16 15:43]:
Hi, I'm looking for a way to have Snort set off my pager under certain circumstances -- say, when we get > attacks or >Y portscans per minute. One tool I've seen is Snort Alert Manager, but I'm looking for something that runs in a "daemon" or "cron" mode. I don't think I have a single X display continuously running in this facility, and I want to be able to confirm it is still running correctly. Is there a better enterprise-level tool out there for this sort of real-time alerting, preferably one that supports different clipping levels for different sorts of activity? Thanks, ==ml -- Michael Lucas mwlucas () FreeBSD org, mwlucas () BlackHelicopters org Today's chance of throwing it all away to start a goat farm: 41.8% http://www.BlackHelicopters.org/~mwlucas/ Absolute OpenBSD: http://www.AbsoluteOpenBSD.com/
Hi Michael, You're better off using some back end tools like swatch or SEC. I've used SEC in the past to do this. Very powerful tool. SEC homepage: http://www.estpak.ee/~risto/sec/ Hope this helps, jpb === ------------------------------------------------------- The SF.Net email is sponsored by EclipseCon 2004 Premiere Conference on Open Tools Development and Integration See the breadth of Eclipse activity. February 3-5 in Anaheim, CA. http://www.eclipsecon.org/osdn _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort setting off my pager Michael W. Lucas (Jan 16)
- Re: Snort setting off my pager Jim Brown (Jan 17)
- <Possible follow-ups>
- RE: Snort setting off my pager Nick Duda (Jan 16)