Snort mailing list archives

Re: alert notification mechanisms


From: Ken Gunderson <kgunders () teamcool net>
Date: Thu, 20 Feb 2003 13:53:32 -0700

On Thursday 20 February 2003 01:17 pm, Erek Adams wrote:
> On Thu, 20 Feb 2003, Ken Gunderson wrote:
>
> [...snip...]
>
> > It seems there are two basic strategies for this: writing alerts to
> > logs and doing some regexp post-processing with the likes of swatch
> > or logsurfer, or piping alerts through syslogd.  I've defaulted to
> > swatch in the past, but am interested in exploring more modern
> > options, especially since the most recent release of swatch sports
> > the throttle bug.  Logsurfer can get kind of fat on the
> > resources and get complex in a hurry.
>
> [...snip...]
>
> There is a third way.  Alert to a named pipe and have something on
> the other end that reads/watches the pipe.
>
> No, it's not perfect and it's not as mature as the other output
> methods, but it is there and works.

Yes, I am aware of that as well.  What I really would appreciate is a
synopsis of pros/cons for these various methods.  That is something
I've not been able to google and would be way cool.  How are the snort
gurus handling this?

TIA--
 
Best regards,

Ken Gunderson
PGP Key-- 9F5179FD

"They that can give up essential liberty to obtain a little temporary
safety deserve neither liberty nor safety."
     -Benjamin Franklin, Historical Review of Pennsylvania.
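An added example of the "third way" Erek describes, written for this page and not taken from either post or from the Snort project: a reader that sits on the far end of a named pipe, parses each alert, and throttles repeats so one noisy signature does not become a mail storm (the job swatch's throttle is meant to do). Assumptions, none of which come from the thread: Snort is writing alert_fast-style lines with the layout shown in the comment; the FIFO was created with mkfifo and an `output alert_fast:` line points at it (treating the FIFO like an append-mode file); the sids, addresses and sample lines are constructed; the 60-second window and the notification text are arbitrary.

```python
"""Reader for Snort fast-format alerts delivered over a named pipe (FIFO),
with per-signature/source throttling so a burst does not become a mail storm.
Added example, not from the original thread or from Snort itself.  The
alert_fast line layout below is the assumption everything else rests on."""
import re
import sys
import time

# Assumed alert_fast layout (Classification block is optional):
#   MM/DD-HH:MM:SS.usec  [**] [gid:sid:rev] msg [**] [Classification: c] [Priority: p] {PROTO} src -> dst
FAST_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.*?)\s+\[\*\*\]\s*"
    r"(?:\[Classification:\s*(?P<cls>[^\]]*)\]\s*)?"
    r"(?:\[Priority:\s*(?P<prio>\d+)\]\s*)?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)


def parse_fast_alert(line):
    """Parse one alert_fast line into a dict; None if it does not match."""
    m = FAST_RE.match(line.strip())
    if not m:
        return None
    d = m.groupdict()
    for k in ("gid", "sid", "rev"):
        d[k] = int(d[k])
    d["prio"] = int(d["prio"]) if d["prio"] is not None else None
    return d


class Throttle:
    """Notify once per key per window and count what was swallowed in between."""

    def __init__(self, window_s=60.0):
        self.window = window_s
        self._state = {}  # key -> [window_start, suppressed_count]

    def check(self, key, now):
        """Return (notify, suppressed).  notify is True for the first hit of a
        window; suppressed is the number of hits dropped since the last notice."""
        st = self._state.get(key)
        if st is None or now - st[0] >= self.window:
            suppressed = st[1] if st else 0
            self._state[key] = [now, 0]
            return True, suppressed
        st[1] += 1
        return False, st[1]


def handle_alert(line, throttle, now):
    """Parse one line and decide whether a human should see it.
    Returns the notification text, or None if unparsable or throttled."""
    a = parse_fast_alert(line)
    if a is None:
        return None
    # Throttle key: signature plus source host (port stripped; IPv4 only here).
    key = (a["gid"], a["sid"], a["src"].rsplit(":", 1)[0])
    notify, suppressed = throttle.check(key, now)
    if not notify:
        return None
    text = "[%s] sid %d %s %s -> %s" % (a["prio"], a["sid"], a["msg"], a["src"], a["dst"])
    if suppressed:
        text += " (+%d suppressed in previous window)" % suppressed
    return text


def follow_fifo(path):
    """Yield lines from a FIFO forever.  Reads hit EOF whenever the writer
    (snort) closes its end, e.g. on restart; reopening blocks until the next writer."""
    while True:
        with open(path, "r") as fifo:
            for line in fifo:
                yield line.rstrip("\n")


# Constructed sample alerts: made-up local sids, RFC 1918 addresses.
SAMPLE_ALERTS = [
    "02/20-13:53:32.123456  [**] [1:1000001:1] LOCAL suspicious HTTP request [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44321 -> 192.168.1.10:80",
    "02/20-13:53:35.000001  [**] [1:1000001:1] LOCAL suspicious HTTP request [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44322 -> 192.168.1.10:80",
    "02/20-13:53:37.500000  [**] [1:1000002:1] LOCAL ICMP sweep [**] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.10",
    "02/20-13:54:40.000000  [**] [1:1000001:1] LOCAL suspicious HTTP request [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:44390 -> 192.168.1.10:80",
]
SAMPLE_TIMES = [0.0, 3.0, 5.5, 68.0]  # seconds since the first alert, matching the timestamps


def replay_samples(window_s=60.0):
    """Run the constructed samples through the throttle; return the notifications."""
    th = Throttle(window_s)
    out = []
    for line, now in zip(SAMPLE_ALERTS, SAMPLE_TIMES):
        n = handle_alert(line, th, now)
        if n is not None:
            out.append(n)
    return out


if __name__ == "__main__":
    if len(sys.argv) > 1:  # e.g. python alertpipe.py /var/log/snort/alert.fifo (hypothetical path)
        th = Throttle()
        for line in follow_fifo(sys.argv[1]):
            n = handle_alert(line, th, time.monotonic())
            if n is not None:
                print(n, flush=True)  # replace with the mail/pager hook of your choice
    else:
        for n in replay_samples():
            print(n)
```

On the replayed samples the second line is swallowed (same sid and source host inside the window), the ICMP line is a new key and goes out, and the fourth line goes out again because the window has expired, carrying the count of what was suppressed. The caveat that matters with a FIFO is back-pressure: the writer's open blocks until a reader is attached, and writes block once the pipe buffer fills, so a dead or slow reader stalls Snort's alert path. Keep the reader under a supervisor, keep the per-line work cheap (queue the mail, do not send it inline), and watch for the reopen after a Snort restart.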


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
