Re: Snort and real-time alerting

[JJC <cummingsj () gmail com>]

Tune that system.. I can fairly safely assume that if you have 20,000
rules enabled, you are looking for attacks against stuff that you
don't have.

JJC

On Wed, May 23, 2012 at 8:51 AM, Jeronimo L. Cabral
<jelocabral () gmail com> wrote:
> Something else: suppose I use logsurfer/swatch/logwatch to alert in
> real time the Snorts events. Actually I have near 5 events per minute.
>
> What is the criteria to take just a few number of critical events of
> Snort ??? Because I have 20.000 signatures...
>
> On Wed, May 23, 2012 at 11:40 AM, Jeronimo L. Cabral
> <jelocabral () gmail com> wrote:
> > What about Swatch ??? Is it more appropriate ???
> >
> > On Wed, May 23, 2012 at 11:13 AM, Lay, James <james.lay () wincofoods com> wrote:
> > > > -----Original Message-----
> > > > From: Jeronimo L. Cabral [mailto:jelocabral () gmail com]
> > > > Sent: Wednesday, May 23, 2012 8:10 AM
> > > > To: snort-users () lists sourceforge net
> > > > Subject: [Snort-users] Snort and real-time alerting
> > > >
> > > > Dear, I have a Snort 2.9 with Base running OK, but I need a real time
> > > > alerting mechanism via email if possible.
> > > >
> > > > How can I do that ??? Any extra module to use in that way ???
> > > >
> > > > Special thanks
> > > >
> > > > JeLo
> > >
> > > Log to fast alert then use wots/logsurfer/logwatch to tail/watch the
> > > file and email out.  Assuming linux/BSD/OSX.
> > >
> > > James
> > >
> > > ------------------------------------------------------------------------------
> > > Live Security Virtual Conference
> > > Exclusive live event will cover all the ways today's security and
> > > threat landscape has changed and how IT managers can respond. Discussions
> > > will include endpoint security, mobile security and the latest in malware
> > > threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> > > _______________________________________________
> > > Snort-users mailing list
> > > Snort-users () lists sourceforge net
> > > Go to this URL to change user options or unsubscribe:
> > > https://lists.sourceforge.net/lists/listinfo/snort-users
> > > Snort-users list archive:
> > > http://www.geocrawler.com/redir-sf.php3?list=snort-users
> > >
> > > Please visit http://blog.snort.org to stay current on all the latest Snort news!
>
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> Please visit http://blog.snort.org to stay current on all the latest Snort news!

------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!