Snort mailing list archives
RE: mail notification
From: "Jason Truong" <Jason.Truong () plumtree com>
Date: Tue, 21 Dec 2004 10:21:42 -0800
I'm using swatch too and it works great...except for the damn
throttle/threshold. I can not get that to work.
Running swatch 3.1.1
Tried using:
throttle 00:00:30,use=regex
throttle threshold 5:180
throttle 00:00:30,use=message
Has anyone actually got throttling/threshold to actually work...and
please list a sample config. I would and I'm sure at least 10 people
would be interested.
Thank you,
Jason T.
Here are some examples:
watchfor /.*BitTorrent/
throttle 00:30:00,use=regex
mail ithelp () company com,Subject=Snort Alert - Bit Torrent
Application
ignore /.*NETBIOS SMB-DS Create AndX/
watchfor /.*[Pp]ortscan/
throttle 00:00:60,use=regex
mail user () company com,Subject=Snort Alert - Possible Portscan in
action
You don't use acid for this, you can use.. http://swatch.sourceforge.net/ Swatch. -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Esler, Joel - Contractor Sent: Tuesday, December 21, 2004 12:45 PM To: snort-users () lists sourceforge net Subject: RE: [Snort-users] mail notification How many drinks is this? Anyone know? -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jimmy Hayes Sent: Tuesday, December 21, 2004 12:37 PM To: snort-users () lists sourceforge net Subject: [Snort-users] mail notification Hello I just finished installing snort Version 2.2.0 (Build 30) with mysql database and ACID. My question is, I can see some alerts by going to my ACID site, but is there a way or an option on snort so That I can e-mail me when an alert is triggered? I tried looking in the manual but didn't find anything. thanks ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real
users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real
users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real
users.
Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=ort-users
------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- SF email is sponsored by - The IT Product Guide Read honest & candid reviews on hundreds of IT Products from real users. Discover which products truly live up to the hype. Start reading now. http://productguide.itmanagersjournal.com/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- RE: mail notification, (continued)
- RE: mail notification Bob Konigsberg (Dec 21)
- RE: mail notification Esler, Joel - Contractor (Dec 21)
- RE: mail notification David Alonso De La Vega Tapage (Dec 21)
- RE: mail notification Jeff Dell (Dec 21)
- RE: mail notification Anthony J Placilla (Dec 21)
- RE: mail notification David Alonso De La Vega Tapage (Dec 21)
- RE: mail notification Esler, Joel - Contractor (Dec 21)
- Re: mail notification Tim Slighter (Dec 21)
- RE: mail notification Schott, Erik J Mr ANOSC/FCBS (Dec 21)
- Re: mail notification Matthew K. Lee (Dec 21)
- RE: mail notification Harper, Patrick (Dec 21)
- RE: mail notification Jason Truong (Dec 21)
- RE: mail notification jlawson (Dec 21)
- RE: mail notification Esler, Joel - Contractor (Dec 21)
- RE: mail notification Schott, Erik J Mr ANOSC/FCBS (Dec 21)
- RE: mail notification Schott, Erik J Mr ANOSC/FCBS (Dec 21)
- Re: mail notification Wes Young (Dec 21)