Snort mailing list archives

Alerting concept...


From: peter.grosse-hering () ps ge com
Date: Thu, 11 Dec 2003 05:21:54 -0500

Hi,

currently we're using 2 types of rules, the "alert" rules and the "log" rules,
and ignore rule priority completely. We log alerts to syslog and use
swatch to send out notifications. For statistical purposes, we log both kinds
of events to a mysql database.

Is this a usual concept to distinguish between "alert" and "log" rules
instead of priority, or is it recommended to base notification on the rules'
priority? What are the advantages/disadvantages?

Peter
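A worked illustration of the priority-based alternative the question raises, added here as an example and not part of the original post: it parses Snort alert lines as they appear in syslog and routes each one on its `[Priority: n]` field instead of on the rule action (alert vs log). The syslog lines, local SIDs, addresses and the notification threshold are constructed for the example.

```python
import re
from typing import Dict, List, Optional

# Pattern for a Snort alert as written to syslog (snort -s / output alert_syslog):
#   [gid:sid:rev] msg [Classification: text] [Priority: n]: {proto} src:port -> dst:port
ALERT_RE = re.compile(
    r"\[(?P<gid>\d+):(?P<sid>\d+):(?P<rev>\d+)\]\s+(?P<msg>.+?)\s+"
    r"\[Classification:\s*(?P<classification>[^\]]+)\]\s+"
    r"\[Priority:\s*(?P<priority>\d+)\]:\s+\{(?P<proto>\w+)\}\s+"
    r"(?P<src>\S+)\s+->\s+(?P<dst>\S+)"
)

# Constructed sample lines (local-rule SIDs, RFC 5737 addresses); not real captures.
SAMPLE_SYSLOG = """\
Dec 11 05:21:54 sensor snort[4242]: [1:1000001:1] LOCAL admin login attempt [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.10:51234 -> 198.51.100.5:22
Dec 11 05:22:01 sensor snort[4242]: [1:1000002:1] LOCAL suspicious payload [Classification: Misc Attack] [Priority: 2]: {UDP} 192.0.2.11:1434 -> 198.51.100.5:1434
Dec 11 05:22:07 sensor snort[4242]: [1:1000003:1] LOCAL port sweep [Classification: Detection of a Network Scan] [Priority: 3]: {TCP} 192.0.2.12:40000 -> 198.51.100.5:80
Dec 11 05:22:09 sensor sshd[777]: Accepted publickey for ops from 192.0.2.2 port 5555
"""


def parse_alert(line: str) -> Optional[Dict[str, str]]:
    """Return the alert fields of one syslog line, or None if it is not a Snort alert."""
    m = ALERT_RE.search(line)
    return m.groupdict() if m else None


def route(line: str, notify_max_priority: int = 2) -> str:
    """Decide what to do with a line when notification is driven by priority rather
    than by rule action: 'notify' (page someone), 'store' (database only) or 'skip'."""
    alert = parse_alert(line)
    if alert is None:
        return "skip"
    # Snort priorities: 1 is the most severe; 3 and above are low-priority events.
    return "notify" if int(alert["priority"]) <= notify_max_priority else "store"


def triage(log: str, notify_max_priority: int = 2) -> Dict[str, List[str]]:
    """Group a syslog excerpt into notify/store buckets, listing the rule SIDs."""
    buckets: Dict[str, List[str]] = {"notify": [], "store": []}
    for line in log.splitlines():
        decision = route(line, notify_max_priority)
        if decision != "skip":
            buckets[decision].append(parse_alert(line)["sid"])
    return buckets


if __name__ == "__main__":
    print(triage(SAMPLE_SYSLOG))  # {'notify': ['1000001', '1000002'], 'store': ['1000003']}
```

With a threshold of 1 only the privilege-gain event would page anyone, which is the knob the "log" vs "alert" split does not offer without editing each rule.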




