Snort mailing list archives
Feature Request
From: Maxim Gansert <Maxim.Gansert () bln1 siemens de>
Date: Mon, 24 Sep 2001 15:11:21 +0200
Hi *,

I'm testing Snort as a NIDS and I was quite happy until I realized that Snort is far away from automation. As you can imagine, you won't look at the logs the whole day and make an SQL query against a MySQL DB every minute.

Features to be requested:

- Script startup at a definite level. I would like to have the following options:

  Priority == 3 -> start /usr/snort/scripts/myPrio3Script
  Priority >= 6 -> start /usr/snort/Scripts/emailalert xyz () aaa bbb ccc ddd
  Priority >= 9 -> start /usr/snort/scripts/emailalert SecurityStaff

  emailalert: should inform a special user or a group that you are under attack, with some information: SourceIP, DestinationIP, type of attack and priority of this event.

- Automatic archiving: script startup at a definite point.

  size(alertlog) >= 1 MB              /usr/snort/scripts/archivelog
  first(alertlog) >= 4 h              /usr/snort/scripts/archivelog
  remain(mountpoint_space) <= 10 MB   /usr/snort/scripts/emailalert RanOutOfSpaceStaff

- Have an option to kill or log a TCP session, or to manage a router, for each event (not priority). So you can force a special policy for your network(s), and also have a first action against an offending user. If someone complains you can simply say it was a mistake and the rules can be tuned, but it was/is a real threat against the policy.

Ciao,
Maxim
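The first feature the post asks for, priority-based script dispatch, as an added example that is not part of the post or of Snort: it parses Snort "fast" alert lines (constructed sample below) into the fields the poster wants forwarded and resolves the post's threshold table to a list of scripts that would be started. The script paths are the post's hypothetical ones, and the function only plans the actions; it spawns nothing.

```python
import re
from dataclasses import dataclass
from operator import eq, ge
from typing import Optional

# Constructed sample of Snort "fast" alert lines (documentation addresses, not real events).
SAMPLE_ALERTS = """\
09/24-15:11:21.000001  [**] [1:100001:1] TEST portscan [**] [Classification: Attempted Information Leak] [Priority: 3] {TCP} 192.0.2.10:40000 -> 198.51.100.5:22
09/24-15:12:02.000001  [**] [1:100002:1] TEST worm propagation [**] [Classification: Attempted Administrator Privilege Gain] [Priority: 9] {UDP} 192.0.2.11:1434 -> 198.51.100.6:1434
09/24-15:12:30.000001  [**] [1:100003:1] TEST web probe [**] [Classification: Web Application Attack] [Priority: 6] {TCP} 192.0.2.12:51000 -> 198.51.100.7:80
"""

ALERT_RE = re.compile(
    r"\[\*\*\]\s+\[\d+:\d+:\d+\]\s+(?P<msg>.+?)\s+\[\*\*\]"
    r".*?\[Priority:\s*(?P<prio>\d+)\]\s*\{(?P<proto>\w+)\}\s+"
    r"(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?"
)

@dataclass
class Alert:
    msg: str        # type of attack (rule message)
    priority: int
    proto: str
    src: str        # SourceIP
    dst: str        # DestinationIP

def parse_alert(line: str) -> Optional[Alert]:
    """Parse one fast-alert line; return None for lines that are not alerts."""
    m = ALERT_RE.search(line)
    if m is None:
        return None
    return Alert(m["msg"], int(m["prio"]), m["proto"], m["src"], m["dst"])

# (comparison, threshold, script): the post's "Priority == 3 -> start ..." table; paths are hypothetical.
RULES = [
    (eq, 3, "/usr/snort/scripts/myPrio3Script"),
    (ge, 6, "/usr/snort/scripts/emailalert"),
    (ge, 9, "/usr/snort/scripts/emailalert SecurityStaff"),
]

def plan_actions(alert_text: str, rules=RULES):
    """Return (script, alert) pairs for every rule an alert satisfies (dry run, nothing is executed)."""
    actions = []
    for line in alert_text.splitlines():
        alert = parse_alert(line)
        if alert is None:
            continue
        actions.extend((script, alert) for cmp_, limit, script in rules if cmp_(alert.priority, limit))
    return actions
```

Snort's stock classification.config assigns priorities 1 (high) to 3 (low), so the operators and thresholds in RULES have to be chosen against the priority scale actually in use; with the post's ">=" thresholds a priority-9 alert matches both the 6 and the 9 rule.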