Snort mailing list archives
alert messages
From: "Rodrigo B. Ramos" <rodrigo.ramos () triforsec com br>
Date: Wed, 03 Mar 2004 17:17:32 -0300
Hi! Can anyone help me with the following job?

The X Company has more than 1000 machines (desktops and servers) on their WAN. They installed Snort as an IDS; they are logging remotely and sending alerts by email and by SMS to mobiles.

What are the best steps to customize the alerts? The phone company thought that the servers were doing some spam jobs. They send many, many alerts and probably almost flood the phone company network.

What is the best way to tell the system to send alerts? Which math should I use? I know I have to disable some types of rules that just can't affect the ambient, I know I can count packets by priorities, by type of alerts, by packets, ... But what math can I use to send the alerts without flooding mailboxes and mobiles?

Best Regards,
--
Rodrigo Buarque Ramos
GPG KEY ID: 0x71CFE098 --> http://pgp.mit.edu
Key fingerprint = F381 366D D233 22B4 7E72 A21D DE9B 2FF3 71CF E098
55 81 88513524
55 81 3463.1593
http://www.triforsec.com.br
http://www.defenselayer.com
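One way to do the counting the message asks about, as an added example that is not part of the original post: send one notification per signature per time window, count the repeats in between, and choose the channel by priority. The Alert fields, the CHANNELS policy, the 300-second window and the sample alerts are assumptions constructed for illustration; priority 1 is treated as the most severe.

```python
from collections import namedtuple

# Hypothetical alert record: timestamp (seconds), signature id, priority, text.
Alert = namedtuple("Alert", "ts sid priority msg")

# Assumed policy: priority 1 pages by SMS and email, priority 2 is email only,
# anything lower stays in the remote log and notifies nobody.
CHANNELS = {1: ("sms", "email"), 2: ("email",)}


def throttle(alerts, window=300):
    """Return (notifications, pending).

    At most one notification per signature per `window` seconds. Repeats
    inside the window are only counted; the count is attached to the next
    notification for that signature. `pending` holds counts not yet reported.
    """
    last_sent = {}   # sid -> timestamp of the last notification sent
    pending = {}     # sid -> repeats suppressed since that notification
    out = []
    for a in sorted(alerts, key=lambda a: a.ts):
        channels = CHANNELS.get(a.priority, ())
        if not channels:
            continue                      # low priority: log only
        sent = last_sent.get(a.sid)
        if sent is not None and a.ts - sent < window:
            pending[a.sid] = pending.get(a.sid, 0) + 1
            continue                      # still inside the quiet window
        text = a.msg
        if pending.get(a.sid):
            text += " (+%d repeats suppressed)" % pending[a.sid]
        pending[a.sid] = 0
        last_sent[a.sid] = a.ts
        out.extend((ch, a.ts, a.sid, text) for ch in channels)
    return out, pending


# Constructed sample: 363 alerts over ten minutes from three made-up signatures.
SAMPLE = (
    [Alert(t, 1000001, 1, "constructed high-priority alert") for t in range(0, 600, 10)]
    + [Alert(t, 1000002, 2, "constructed medium-priority alert") for t in (5, 20, 400)]
    + [Alert(t, 1000003, 3, "constructed low-priority alert") for t in range(0, 600, 2)]
)

if __name__ == "__main__":
    notes, left = throttle(SAMPLE)
    print("%d alerts -> %d notifications" % (len(SAMPLE), len(notes)))
    for n in notes:
        print(n)
```

On the sample, 363 alerts become 6 notifications, 2 of them SMS; the suppressed counts keep the volume information without sending a message per alert.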