Re: Alerting

["George Chamales" <george () overt org>]

Richard,

We're currently using swatch to email out alerts based on outbound
connections/rate-limiting events seen from the firewall.  Syslog-ng is
being used to ferry them from the data-control machine to our logging
host.

Our config scripts are posted at:
http://honeynet.overt.org/index.php/Network-Based%20Monitoring

These are for swatch version 3.0.4 although looking at
http://swatch.sourceforge.net

there appears to be a new version.

Best of luck,

george