RE: activate dynamic

["Slighter, Tim" <tslighter () itc nrcs usda gov>]

I see that you understand the goal here.  Ultimately it would be a highly
useful feature in snort.  thanks

-----Original Message-----
From: Erek Adams [mailto:erek () snort org]
Sent: Tuesday, July 22, 2003 7:55 AM
To: Slighter, Tim
Cc: Snort-Users (E-mail)
Subject: RE: [Snort-users] activate dynamic


On Tue, 22 Jul 2003, Slighter, Tim wrote:

> yes precisely.  or the other way around too...where the number of times a
> rule is fired is counted and then to STOP alerting when it reaches a
certain
> threshold

Nope.  No thresholding of any type.

Now, there is a possible workaround...

Use swatch and it's 'throttle' option.  That will perform almost as you
want.  Then once that threshold is done, have swatch cause a very specific
alert that actually generates the data you want.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: VM Ware
With VMware you can run multiple operating systems on a single machine.
WITHOUT REBOOTING! Mix Linux / Windows / Novell virtual machines at the
same time. Free trial click here: http://www.vmware.com/wl/offer/345/0
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users