alert messages

["Rodrigo B. Ramos" <rodrigo.ramos () triforsec com br>]

Hi!

Can anyone help me in the following job?

The X Company has more than 1000 machines (desktop and servers) on their
WAN. They installed snort as an IDS, they are logging remotely and
sending alerts by email and by sms to mobiles. 

What are the best steps to customize the alerts? The phone company
thought that the servers were doing some spam jobs. They send many, many
alerts and probably almost flood the phone phone company network.

What is the best way to tell the system to send alerts? Which math
should I use?

I know I can know have to disable some types of rules that just can't
affect the ambient, I know I can count packets by priorities, by type of
alerts, by packets, ... But what math can I use to send the alerts
without flooding mail boxes and mobiles?


Best Regards,
-- 
Rodrigo Buarque Ramos
GPG KEY ID: 0x71CFE098 --> http://pgp.mit.edu
Key fingerprint = F381 366D D233 22B4 7E72  A21D DE9B 2FF3 71CF E098
55 81 88513524
55 81 3463.1593
http://www.triforsec.com.br
http://www.defenselayer.com



-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users