RE: alarm levels assigned to Snort rules

["Kohlenberg, Toby" <toby.kohlenberg () intel com>]

I believe this is a planned (already exists?) feature for Snort 1.8.
If you can't wait, you can try changing the messages to include a
tag that defines the priority then use swatch or logcheck to look
for those tags in the alert or syslog files and respond in any
way you like.

Toby

> -----Original Message-----
> From: tim.gray1 () firstunion com [mailto:tim.gray1 () firstunion com]
> Sent: Tuesday, June 26, 2001 12:07 PM
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] alarm levels assigned to Snort rules
>
>
> Is there a utility or resource out there which somehow, 
> (maybe by creating
> custom ruletypes), generates alarm levels for different attacks?
>
> Let me explain more: Say I want password-crack attack signatures to be
> considered a level 5 alarm, and if this signature is detected, it will
> execute a paging program and log the alarm to a database.
> If the attack signature is just an ftp attempt, I consider it 
> a level 2 and
> I want to only log the attempt to a file.
>
>  If anyone can provide some help with this, that would be a great.
>
> Tim
>
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users