From: Martin Roesch (roesch@md.prestige.net)
Date: Sun Mar 25 2001 - 20:45:07 CST
-- Martin Roesch roesch@md.prestige.net http://www.snort.org
attached mail follows:
Read the snort.conf file and set up your own severity keywords for the alerting system. Check out the beginning of section 3...
-Marty
Juergen Schmidt wrote:
>
> Hello,
>
> I'm seeing quite a lot of alerts on my box, as people keep poking around
> the server, looking for holes. I do not want to shut those messages
> down, as I want to get a feeling for what people are trying.
> On the other hand, this flood keeps me from seeing *serious* alerts, for
> example from handcrafted rules, that indicate with high probability an
> intrusion.
>
> So what I really want are alert-priorities. Are there any plans for
> this?
>
> My workaround right now is to code this into the Message (something like
> msg:"CRITICAL: directory listing") and search in Acid for "CRITICAL".
> But I want to see those alarms at first glance -- not after doing a
> time-consuming search.
>
> bye, ju
>
> --
> Juergen Schmidt Leitender Redakteur/senior editor c't magazin
> Verlag Heinz Heise GmbH & Co KG, Helstorferstr. 7, D-30625 Hannover
> EMail: ju@ct.heise.de - Tel.: +49 511 5352 300 - FAX: +49 511 5352 417
> PGP-Key available
>
> _______________________________________________
> Snort-users mailing list
> Snort-users@lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
-- Martin Roesch roesch@md.prestige.net http://www.snort.org
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
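
What the pointer in the reply amounts to in practice, as an added example that is not part of the original thread: assuming the "severity keywords" mentioned are snort.conf's user-defined rule types (`ruletype` declarations), a high-priority type can be given its own outputs so that its alerts land apart from the scan noise. The type name `critical`, the file name `critical.alert`, and the sample rule are constructed for illustration.

```conf
# snort.conf: declare a custom rule type for high-confidence, handcrafted rules.
# "critical" and "critical.alert" are illustrative names, not Snort defaults.
ruletype critical
{
    # Behave like the built-in "alert" action...
    type alert
    # ...but write to a dedicated alert file...
    output alert_fast: critical.alert
    # ...and also raise the event through syslog at a high priority.
    output alert_syslog: LOG_AUTH LOG_ALERT
}

# Constructed sample rule. The new keyword takes the place of "alert" as the
# rule action, so the msg text no longer needs a "CRITICAL:" prefix to be found.
# Assumes HOME_NET is defined earlier in snort.conf.
critical tcp $HOME_NET 80 -> any any (msg:"directory listing"; content:"Index of /";)
```

Rules that keep the built-in `alert` action continue to use the globally configured outputs, so the background probing stays visible there while the handcrafted rules report separately.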