From: Juergen Schmidt (juct.heise.de)
Date: Wed Mar 14 2001 - 07:33:01 CST

    Hello,

    I'm seeing quite a lot of alerts on my box, as people keep poking around
    the server, looking for holes. I do not want to shut those messages
    down, as I want to get a feeling for what people are trying.
    On the other hand, this flood keeps me from seeing *serious* alerts, for
    example from handcrafted rules, that indicate with high probability an
    intrusion.

    So what I really want are alert-priorities. Are there any plans for
    this?

    My workaround right now is to code this into the Message (something like
    msg:"CRITICAL: directory listing") and search in Acid for "CRITICAL".
    But I want to see those alarms at first glance -- not after doing a
    time-consuming search.

    bye, ju

    -- 
    Juergen Schmidt   Leitender Redakteur/senior editor  c't magazin
    Verlag Heinz Heise GmbH & Co KG, Helstorferstr. 7, D-30625 Hannover
    EMail: juct.heise.de - Tel.: +49 511 5352 300 - FAX: +49 511 5352 417
    PGP-Key available
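
The msg-prefix workaround described in the message above can be turned into a first-glance view by sorting alerts on that prefix outside the console. This is an added example, not part of the original post or of Snort or ACID: the sample lines are constructed, the one-line alert layout is an assumption, and the `WARNING` tag and the rank values are hypothetical.

```python
import re

# Constructed sample alerts in an assumed one-line "fast"-style layout.
SAMPLE_ALERTS = """\
03/14-07:30:11.104210 [**] WEB-IIS cmd.exe access [**] {TCP} 198.51.100.7:3311 -> 192.0.2.10:80
03/14-07:31:45.550102 [**] CRITICAL: directory listing [**] {TCP} 203.0.113.9:4120 -> 192.0.2.10:80
03/14-07:32:02.000913 [**] SCAN nmap TCP [**] {TCP} 198.51.100.7:3312 -> 192.0.2.10:22
03/14-07:32:40.771530 [**] WARNING: odd user-agent [**] {TCP} 203.0.113.9:4121 -> 192.0.2.10:80
not an alert line
"""

# Hypothetical priority tags; lower rank is more urgent. Untagged alerts sort last.
RANKS = {"CRITICAL": 0, "WARNING": 1}
DEFAULT_RANK = 9

ALERT_RE = re.compile(
    r"^(?P<ts>\S+)\s+\[\*\*\]\s+(?P<msg>.*?)\s+\[\*\*\]\s+"
    r"\{(?P<proto>\w+)\}\s+(?P<src>\S+)\s+->\s+(?P<dst>\S+)\s*$"
)
# A tag is an upper-case word followed directly by a colon at the start of msg.
TAG_RE = re.compile(r"^(?P<tag>[A-Z]+):\s*(?P<rest>.+)$")


def parse_alert(line):
    """Return a dict for one alert line, or None if the line does not parse."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    alert = m.groupdict()
    tag = TAG_RE.match(alert["msg"])
    if tag and tag.group("tag") in RANKS:
        # Known tag: record it and strip it from the message text.
        alert["priority"] = tag.group("tag")
        alert["msg"] = tag.group("rest")
    else:
        # Unknown or missing tag: leave the message untouched.
        alert["priority"] = None
    alert["rank"] = RANKS.get(alert["priority"], DEFAULT_RANK)
    return alert


def triage(text):
    """Parse all lines and list tagged alerts first, keeping time order per rank."""
    alerts = [a for a in map(parse_alert, text.splitlines()) if a]
    return sorted(alerts, key=lambda a: a["rank"])  # sorted() is stable


if __name__ == "__main__":
    for a in triage(SAMPLE_ALERTS):
        print(f'{a["priority"] or "-":8} {a["ts"]} {a["src"]} -> {a["dst"]}  {a["msg"]}')
```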
    
