Notification limitation

[Jaime Nebrera <jnebrera () gmail com>]

   Hi all,

   Im aware this is a basic question but Im a bit lost.

   I would like to limit the number of alarms sent to a Snorby system in 
a general way (not specific to a particular rule).

   Something like this:

   For a particular event send no more than 3 per minute AND 6 per 5 minutes

   I want to apply this limit to ALL rules and events, thus wont get 
flooded by the same event many times in the same timeframe

   Of course this doesnt mean more events can reach the snorby box, but 
they will be different rules, not the same

   My I ask how to do this?

------------------------------------------------------------------------------
RSA(R) Conference 2012
Mar 27 - Feb 2
Save $400 by Jan. 27
Register now!
http://p.sf.net/sfu/rsa-sfdev2dev2
_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel

Please visit http://blog.snort.org for the latest news about Snort!