Snort mailing list archives
only the "important stuff"
From: Steven Crandell <steven.crandell () gmail com>
Date: Tue, 26 Oct 2004 09:34:56 -0700
Hi all, I have snort running the way I want it to run, etc. I'm also using logcheck to watch the logs and email me when someone exceeds my thresholds. Anyway, I'm pretty satisfied with how all of that is working. This morning the president of the co. has asked that he -not- receive the day to day alerts and would only like to receive alerts on "successful" intrusions. Are there certain rules that would never be triggered unless someone actually gets into a monitored system? Or anything along those lines? I know this is a little off the wall, but any help/suggestions would be greatly appreciated. regards, -- Steven Crandell steven.crandell () gmail com ------------------------------------------------------- This SF.net email is sponsored by: IT Product Guide on ITManagersJournal Use IT products in your business? Tell us what you think of them. Give us Your Opinions, Get Free ThinkGeek Gift Certificates! Click to find out more http://productguide.itmanagersjournal.com/guidepromo.tmpl _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- only the "important stuff" Steven Crandell (Oct 26)
- Re: only the "important stuff" Jason Haar (Oct 26)
- <Possible follow-ups>
- RE: only the "important stuff" SN ORT (Oct 26)
- RE: only the "important stuff" M. Shirk (Oct 26)
- RE: only the "important stuff" Jacques Brierre (Oct 26)
- RE: only the "important stuff" Orit Vidas (Oct 26)