snort and auto-alert?
Hello list,
I've installed snort on woody and it runs normally.
Is there anyway to make snort to work with some alert system so that
when a portscan or other attack behaviro occures, it calls the alert
system to page the system admin. or send email to system admin?
I need real time alert. It seems there's only cron analysis solution?
Another question. Can snort define a certain unnormal http access
behavior pattern, say, one single IP access on single URL multiple times
in EVERY second? If not, is there any opensource software can achieve
that?
--
Patrick Hsieh <pahud@pahud.net>
--
To UNSUBSCRIBE, email to debian-user-request@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
Reply to: