Snort mailing list archives

anyone experience "throttle" issues with Swatch for Snort?


From: "Jason Truong" <Jason.Truong () plumtree com>
Date: Fri, 2 Jul 2004 13:37:46 -0700

Hello,

I'm running snort 2.13 outputting to mysql and syslog which works great.  I have set up swatch 3.1 to send me email alerts 
in real time .... I'm assuming a lot of people are doing the same. (if not with swatch, with some other application like 
SEC)

However, I'm having issues with the Throttle command.  It doesn't seem to work at all.  I understand this is the snort 
mailing list but there is nothing I can find on the swatch homepage under the messages forum.

Here's an example:

watchfor /.*GNUTella/
        throttle 00:30:00,use=regex
        mail blah () blah com,Subject=Snort Alert - GNUTella traffic

I want to get an email for GNUTella alerts every 30 minutes....instead I get a whole flurry of them.
Is this a known bug in swatch and is everyone either:

1. ignoring it and does not mind the flurry of emails 
2. using an older version of swatch which may have been patched
3. going with another application (ie SEC - simple event correlator http://simple-evcorr.sourceforge.net/)

Just wanted to know what the community is using for real time email alerts.
Thanks,


Jason Truong
Plumtree Software
email: jason.truong () plumtree com
(415) 399-7006
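
As an added illustration (not part of the original post and not swatch's own code), the Python sketch below shows the behaviour the post asks for: at most one mail per 30 minutes for lines matching the watchfor pattern, with the throttle keyed on the pattern rather than on each message's text. The log lines, rule IDs, host name and function names are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed syslog lines for illustration; the rule IDs are placeholders.
SAMPLE = [
    "Jul  2 13:00:01 ids snort: [1:1000001:1] P2P GNUTella GET {TCP} 10.0.0.5:1042 -> 192.0.2.9:6346",
    "Jul  2 13:00:02 ids snort: [1:1000001:1] P2P GNUTella GET {TCP} 10.0.0.5:1043 -> 192.0.2.9:6346",
    "Jul  2 13:05:10 ids snort: [1:1000001:1] P2P GNUTella GET {TCP} 10.0.0.7:2001 -> 192.0.2.9:6346",
    "Jul  2 13:10:00 ids snort: [1:1000002:1] ICMP PING {ICMP} 10.0.0.8 -> 10.0.0.1",
    "Jul  2 13:29:59 ids snort: [1:1000001:1] P2P GNUTella GET {TCP} 10.0.0.5:1050 -> 192.0.2.9:6346",
    "Jul  2 13:30:01 ids snort: [1:1000001:1] P2P GNUTella GET {TCP} 10.0.0.5:1051 -> 192.0.2.9:6346",
]

class Throttle:
    """Allow one action per key per window and count what was suppressed."""
    def __init__(self, window):
        self.window = window
        self.last_sent = {}    # key -> time of the last allowed action
        self.suppressed = {}   # key -> number of actions held back

    def allow(self, key, now):
        last = self.last_sent.get(key)
        if last is not None and now - last < self.window:
            self.suppressed[key] = self.suppressed.get(key, 0) + 1
            return False
        self.last_sent[key] = now
        return True

def alerts_to_mail(lines, pattern, window, key_on="regex", year=2004):
    """Return (lines that would be mailed, suppressed counts per key)."""
    rx = re.compile(pattern)
    throttle = Throttle(window)
    sent = []
    for line in lines:
        if not rx.search(line):
            continue
        # Syslog timestamps carry no year, so one is supplied (assumption).
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        # Keying on the pattern groups every match together; keying on the
        # message text treats each distinct line (new port, new host) as new.
        key = pattern if key_on == "regex" else line[16:]
        if throttle.allow(key, ts):
            sent.append(line)
    return sent, throttle.suppressed

if __name__ == "__main__":
    for mode in ("regex", "message"):
        sent, held = alerts_to_mail(SAMPLE, r".*GNUTella", timedelta(minutes=30), mode)
        print(mode, len(sent), "mails,", sum(held.values()), "suppressed")
```

Keyed on the pattern, the six sample lines produce two mails; keyed on the message text, every matching line differs in source address or port and is mailed separately.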



