Snort mailing list archives
Re: next snort task
From: Joel Esler <jesler () sourcefire com>
Date: Wed, 9 Sep 2009 14:04:56 -0400
On Wed, Sep 9, 2009 at 2:01 PM, Ron Kaye Jr <rekaye1005 () verizon net> wrote:
> i am finally up and snorting away. base engine with graphing is working fine.
>
> 1) i am finding alerts i am not interested in, for example ...
>
> MISC UPnP malformed advertisement
> VOIP-SIP outbound 401 Unauthorized message protocol-command-decode
> VOIP-SIP inbound 401 Unauthorized message protocol-command-decode
>
> i want to filter them out. not sure how - wouldn't know which rule file generated these messages, and if i did, how to do it.

Comment the rules out by placing a "#" in front of the rule you want to shut off. Look at the first word in the rule to determine the file it's in. MISC is in misc.rules, VOIP is in voip.rules.

> 2) i would like the alerts to go to my email. i am a complete rookie here. heard of sendmail, received a vague reference to postfix, but have no clue. then have to send to an smtp relay server somewhere i'm guessin

Look into something like swatch, that will monitor a log file and email things to you if you wish.

J

> Ron Kaye Jr 914-7294734
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
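Added example, not part of the original message or of Snort itself: a shell sketch of the first answer above, which derives the rules file from the first word of the alert message and comments out the matching rule. The function names, the `msg:"..."` spelling with no space after the colon, and the sample rules are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (hypothetical helper names); not from the thread or the Snort project.

# Map an alert message to its rules file, following the reply's convention:
# first word, up to any hyphen, lower-cased (MISC -> misc.rules, VOIP-SIP -> voip.rules).
rules_file_for() {
    printf '%s\n' "$1" | awk '{ sub(/-.*/, "", $1); print tolower($1) ".rules" }'
}

# Comment out every active rule in file $1 whose msg option is exactly $2.
# Keeps a .bak copy; returns non-zero and leaves the file alone if nothing matched.
disable_rule_by_msg() {
    file=$1
    tmp=$(mktemp) || return 1
    # The pattern is passed through the environment so it is matched literally.
    if WANT="msg:\"$2\"" awk '
        !/^[ \t]*#/ && index($0, ENVIRON["WANT"]) { print "# " $0; hit = 1; next }
        { print }
        END { exit !hit }
    ' "$file" > "$tmp"; then
        cp "$file" "$file.bak" && cat "$tmp" > "$file"
        rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return $rc
}

# Constructed sample rules (not real Snort signatures) for trying this offline.
write_sample_rules() {
    cat > "$1/misc.rules" <<'EOF'
alert udp any any -> any 1900 (msg:"MISC UPnP malformed advertisement"; sid:1000001;)
alert tcp any any -> any 80 (msg:"MISC constructed example rule"; sid:1000002;)
EOF
}

# Usage, against a scratch directory:
#   d=$(mktemp -d); write_sample_rules "$d"
#   m='MISC UPnP malformed advertisement'
#   disable_rule_by_msg "$d/$(rules_file_for "$m")" "$m"
```

Snort reads its rule files when it starts, so restart it after editing for the change to take effect.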