Snort mailing list archives

Re: next snort task


From: Joel Esler <jesler () sourcefire com>
Date: Wed, 9 Sep 2009 14:04:56 -0400

On Wed, Sep 9, 2009 at 2:01 PM, Ron Kaye Jr <rekaye1005 () verizon net> wrote:

I am finally up and snorting away.
Base engine with graphing is working fine.

1) I am finding alerts I am not interested in,
for example ...

MISC UPnP malformed advertisement

VOIP-SIP outbound 401 Unauthorized message protocol-command-decode

VOIP-SIP inbound 401 Unauthorized message protocol-command-decode


I want to filter them out.

Not sure how - wouldn't know which rule file generated these messages, and if
I did, how to do it.


Comment the rules out by placing a "#" in front of the rule you want to
shut off.  Look at the first word in the rule to determine the file it's in.
MISC is in misc.rules; VOIP is in voip.rules.




2) I would like the alerts to go to my email.

I am a complete rookie here.

Heard of sendmail, received a vague reference to postfix, but have no clue.

Then have to send to an SMTP relay server somewhere, I'm guessing.

Look into something like swatch, that will monitor a log file and email
things to you if you wish.


J







Ron Kaye Jr
914-7294734


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
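
The shell functions below are an added example, not part of the original thread: they derive the rules file from the first word of an alert message, as the reply describes, and put a "#" in front of the matching rule. The function names, the sample rules and their sids are constructed for illustration; the rules directory is supplied by the caller.

```shell
#!/bin/sh
# Added example, not from the thread: disable a Snort rule by its alert message.

# Map an alert message to its rules file using the first word, as the reply
# describes: "MISC UPnP ..." -> misc.rules, "VOIP-SIP ..." -> voip.rules.
rules_file_for() {
    printf '%s\n' "$1" | sed -e 's/[ -].*//' -e 's/$/.rules/' | tr 'A-Z' 'a-z'
}

# disable_rule RULES_DIR MSG: put "# " in front of the active rule whose
# msg:"..." option equals MSG. Keeps a .bak copy of the file.
# Returns 1 if the file is missing, 2 if no active rule carries that message.
disable_rule() {
    file="$1/$(rules_file_for "$2")"
    [ -f "$file" ] || return 1
    PAT="msg:\"$2\";"; export PAT
    # Only uncommented lines count, so a second run returns 2, not a double "#".
    awk '!/^[ \t]*#/ && index($0, ENVIRON["PAT"]) { found = 1 } END { exit !found }' \
        "$file" || return 2
    cp "$file" "$file.bak"
    awk '!/^[ \t]*#/ && index($0, ENVIRON["PAT"]) { print "# " $0; next } { print }' \
        "$file.bak" > "$file"
}

# Constructed sample rules (sids and options are made up for the demo).
write_sample_rules() {
    mkdir -p "$1"
    cat > "$1/misc.rules" <<'EOF'
alert udp any any -> any 1900 (msg:"MISC UPnP malformed advertisement"; sid:1000001; rev:1;)
alert tcp any any -> any 7 (msg:"MISC constructed other rule"; sid:1000002; rev:1;)
EOF
    cat > "$1/voip.rules" <<'EOF'
alert udp any any -> any 5060 (msg:"VOIP-SIP outbound 401 Unauthorized message"; classtype:protocol-command-decode; sid:1000003; rev:1;)
alert udp any 5060 -> any any (msg:"VOIP-SIP inbound 401 Unauthorized message"; classtype:protocol-command-decode; sid:1000004; rev:1;)
EOF
}

# Demo on a throwaway directory. The trailing "protocol-command-decode" in the
# alert listing is the rule's classtype, not part of its msg text.
demo_dir=$(mktemp -d)
write_sample_rules "$demo_dir"
disable_rule "$demo_dir" "MISC UPnP malformed advertisement"
disable_rule "$demo_dir" "VOIP-SIP outbound 401 Unauthorized message"
grep -c '^# ' "$demo_dir/misc.rules" "$demo_dir/voip.rules"
rm -rf "$demo_dir"
```

Snort reads its rule files at startup, so restart it after commenting a rule out.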
