Snort mailing list archives

Only monitor high severity alerts


From: Tom Voussure <tom.voussure () gmail com>
Date: Fri, 2 Nov 2012 16:09:19 +0100

Hi,
I installed Snort some days ago for the first time, so I'm still a newbie :-)

I've configured a SPAN port to monitor all our incoming/outgoing traffic from the internet and got lots of alerts (around 50.000 in 3 days' time).

As I can't review all of them, I would like to start concentrating on the high severity alerts only, and leave the medium and low severity alerts untouched.

Is there an easy way to only monitor the high severity alerts or to download only rules for high severity alerts?

Thanks !
tom