Snort mailing list archives

Setting up notifications in Snort


From: "Paul Martin" <pmartin () hgvc com>
Date: Thu, 8 Apr 2004 14:02:22 -0400

I have recently implemented Snort v2.1.2 on 2 boxes, reporting to one
central MySQL database, using ACID for logfile analysis.  We'd like to
take a more proactive stance towards intrusion detection and have a way
to have Snort (or a plugin) notify us via SNMP/email/SMS/etc whenever a
certain condition is met.  I've looked at SnortSNMP, but it doesn't seem
to have anything beyond 2.1.0 as far as functionality.  I'd hate to drop
back software versions for the sake of SNMP, but will if I have to.  My
question is twofold:
 
1) What plugins are out there that will allow Snort to notify me
when a certain condition is met?  Don't care how (SNMP/email/whatever),
just need a method of notification.
2) Does anyone have a recommended setup for Snort?  I know that
it's going to be unique to every situation, but there have to be some
accepted practices in terms of setup.  As it stands, everything that
comes across the wire seems to be getting logged, which is good, but I
need to trim it down.  Thoughts, anyone?
 
Thanks for any assistance.
 
Paul Martin
Network Technician
