Snort mailing list archives

RE: anyone experience "throttle" issues with Swatch for Snort?


From: "Mitchell, Jason" <jason.mitchell () seattlechildrens org>
Date: Thu, 15 Jul 2004 15:13:04 -0700

I have the same problem with swatch 3.1.  Moreover, trying to use threshold
as an alternative dies with an "Undefined subroutine &main::threshold" error
as soon as it sees a match.

Anyone have any ideas?  Or could point me to some decent documentation on
swatch?

Thanks!


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net] On Behalf Of Jason Truong
Sent: Friday, July 02, 2004 1:38 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] anyone experience "throttle" issues with Swatch for
Snort?

Hello,

I'm running snort 2.13 outputting to mysql and syslog which works great.  I
have set up swatch 3.1 to send me email alerts in real time .... I'm assuming
a lot of people are doing the same. (if not with swatch, with some other
application like SEC)

However, I'm having issues with the Throttle command.  It doesn't seem to
work at all.  I understand this is the snort mailing list but there is
nothing I can find on the swatch homepage under the messages forum.

Here's an example:

watchfor /.*GNUTella/
        throttle 00:30:00,use=regex
        mail blah () blah com,Subject=Snort Alert - GNUTella traffic

I want to get an email for GNUTella alerts every 30 minutes....instead I get
a whole flurry of them.
Is this a known bug in swatch and is everyone either:

1. ignoring it and does not mind the flurry of emails 
2. using an older version of swatch which may have been patched
3. going with another application (i.e. SEC - simple event correlator
http://simple-evcorr.sourceforge.net/)

Just wanted to know what the community is using for real time email alerts.
Thanks,


Jason Truong
Plumtree Software
email: jason.truong () plumtree com
(415) 399-7006




-------------------------------------------------------
This SF.Net email is sponsored by BEA Weblogic Workshop
FREE Java Enterprise J2EE developer tools!
Get your free copy of BEA WebLogic Workshop 8.1 today.
http://ads.osdn.com/?ad_idG21&alloc_id040&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
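
An added illustration, not code from the thread or from swatch: a small Python throttle showing the behaviour the original poster asks for (one notification per 30 minutes for a pattern) and why the throttle key matters when every alert line differs. The log lines, the function name `throttle_alerts` and its parameters are constructed for this example.

```python
import re
from datetime import datetime, timedelta

# Constructed syslog lines for illustration (not taken from the thread).
SAMPLE_LOG = [
    "Jul  2 13:00:01 ids snort: P2P GNUTella GET {TCP} 10.0.0.5:3312 -> 192.0.2.10:6346",
    "Jul  2 13:00:07 ids snort: P2P GNUTella GET {TCP} 10.0.0.5:3313 -> 192.0.2.10:6346",
    "Jul  2 13:05:00 ids snort: ICMP PING {ICMP} 10.0.0.9 -> 192.0.2.1",
    "Jul  2 13:12:40 ids snort: P2P GNUTella GET {TCP} 10.0.0.7:4001 -> 192.0.2.44:6346",
    "Jul  2 13:29:59 ids snort: P2P GNUTella GET {TCP} 10.0.0.5:3320 -> 192.0.2.10:6346",
    "Jul  2 13:30:01 ids snort: P2P GNUTella GET {TCP} 10.0.0.5:3321 -> 192.0.2.10:6346",
    "Jul  2 13:45:00 ids snort: P2P GNUTella GET {TCP} 10.0.0.7:4002 -> 192.0.2.44:6346",
]

def throttle_alerts(lines, pattern, window, key_on="regex", year=2004):
    """Return (timestamp, line, suppressed_since_last) for each alert to send.

    key_on="regex":   one shared timer for everything the pattern matches.
    key_on="message": one timer per distinct message text after the timestamp.
    year is an assumption: classic syslog timestamps carry no year.
    """
    regex = re.compile(pattern)
    last_sent = {}    # throttle key -> time of the last notification
    suppressed = {}   # throttle key -> matches dropped since that notification
    out = []
    for line in lines:
        if not regex.search(line):
            continue
        ts = datetime.strptime(f"{year} {line[:15]}", "%Y %b %d %H:%M:%S")
        key = pattern if key_on == "regex" else line[16:]
        prev = last_sent.get(key)
        if prev is not None and ts - prev < window:
            suppressed[key] = suppressed.get(key, 0) + 1
            continue
        out.append((ts, line, suppressed.pop(key, 0)))
        last_sent[key] = ts
    return out

if __name__ == "__main__":
    for mode in ("regex", "message"):
        sent = throttle_alerts(SAMPLE_LOG, r"GNUTella", timedelta(minutes=30), mode)
        print(f"key_on={mode}: {len(sent)} notification(s)")
        for ts, line, dropped in sent:
            print(f"  {ts:%H:%M:%S} (+{dropped} suppressed) {line[16:]}")
```

Keyed on the pattern, the six matching lines produce two notifications; keyed on the message text, every line is unique (ports differ), so nothing is suppressed.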
