Snort mailing list archives

only the "important stuff"


From: Steven Crandell <steven.crandell () gmail com>
Date: Tue, 26 Oct 2004 09:34:56 -0700

Hi all,

I have snort running the way I want it to run, etc.  I'm also using
logcheck to watch the logs and email me when someone exceeds my
thresholds.  Anyway, I'm pretty satisfied with how all of that is
working.

This morning the president of the co. has asked that he -not- receive
the day to day alerts and would only like to receive alerts on
"successful" intrusions.

Are there certain rules that would never be triggered unless someone
actually gets into a monitored system?  Or anything along those lines?

I know this is a little off the wall, but any help/suggestions would
be greatly appreciated.

regards,
-- 
Steven Crandell
steven.crandell () gmail com

