Intrusion Detection with Snort by Jack Koziol

Prioritization of Alerts

Before getting into the details of deploying real-time alerting capability for Snort, you must decide which alerts are critical enough for you to be notified of. Snort is versatile in the prioritization of alerts: you can select individual rule categories (classtypes) for which you want to be notified, and you can also select individual rules. A priority specified in a rule overrides any specified in the rule's category.

The alerting application, be it syslog-ng or swatch, monitors the log for a specific string. When this string is found, it executes the mailing application and sends an email with data from the actual alert. The string for which you should set these applications to search is the priority level ...
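The two mechanisms described above can be shown in a few lines of code. The following is an added example, not code from the book or from the Snort project: it parses entries in the format of Snort's classification.config, resolves a rule's effective priority (an explicit `priority:` keyword overrides the classtype default), and then does what a swatch or syslog-ng pattern on the `[Priority: N]` string does, namely pick out the alert_fast log lines that should reach the mailer. The classification entries, rules and log lines are constructed samples; treating a rule with neither `classtype` nor `priority` as priority 0 is an assumption made for this example.

```python
import re

# Constructed sample in the format of Snort's classification.config
# (name, description, default priority). The three priorities match
# Snort's shipped defaults, but the text itself is built for this example.
CLASSIFICATION_CONFIG = """\
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: attempted-recon,Attempted Information Leak,2
config classification: misc-activity,Misc activity,3
"""

# Constructed rules: the first overrides its classtype's default (2) with
# priority:1, the second inherits the classtype default.
RULE_OVERRIDE = ('alert tcp any any -> any 22 (msg:"CONSTRUCTED admin attempt"; '
                 'classtype:attempted-recon; priority:1; sid:1000001; rev:1;)')
RULE_DEFAULT = ('alert tcp any any -> any 80 (msg:"CONSTRUCTED port scan"; '
                'classtype:attempted-recon; sid:1000002; rev:1;)')

# Constructed alert_fast output lines (documentation addresses 192.0.2.0/24).
SAMPLE_ALERTS = [
    "03/15-10:01:02.000001  [**] [1:1000001:1] CONSTRUCTED admin attempt [**] "
    "[Classification: Attempted Information Leak] [Priority: 1] {TCP} "
    "192.0.2.10:40123 -> 192.0.2.20:22",
    "03/15-10:01:05.000002  [**] [1:1000002:1] CONSTRUCTED port scan [**] "
    "[Classification: Attempted Information Leak] [Priority: 2] {TCP} "
    "192.0.2.10:40124 -> 192.0.2.20:80",
    "03/15-10:01:09.000003  [**] [1:1000003:1] CONSTRUCTED misc [**] "
    "[Classification: Misc activity] [Priority: 3] {UDP} "
    "192.0.2.10:5000 -> 192.0.2.20:53",
]

CLASS_LINE_RE = re.compile(r"^config classification:\s*([^,]+),([^,]+),(\d+)\s*$")
RULE_OPTION_RE = re.compile(r"(\w+)\s*:\s*([^;]+);")
FAST_ALERT_RE = re.compile(
    r"\[\*\*\]\s*\[(\d+):(\d+):(\d+)\]\s*(.*?)\s*\[\*\*\].*?\[Priority:\s*(\d+)\]"
)


def parse_classifications(text):
    """Map classtype name -> (description, default priority)."""
    classes = {}
    for line in text.splitlines():
        m = CLASS_LINE_RE.match(line.strip())
        if m:
            name, desc, prio = m.groups()
            classes[name.strip()] = (desc.strip(), int(prio))
    return classes


def effective_priority(rule, classes):
    """Priority Snort reports for a rule: an explicit priority: keyword wins,
    otherwise the classtype default applies. A rule with neither keyword is
    treated as priority 0 here (assumption for this example)."""
    opts = dict(RULE_OPTION_RE.findall(rule))
    if "priority" in opts:
        return int(opts["priority"])
    if "classtype" in opts:
        return classes[opts["classtype"].strip()][1]
    return 0


def alerts_to_notify(log_lines, max_priority=1):
    """Return (sid, msg, priority) for alert_fast lines whose priority number
    is at most max_priority (1 is most severe). This is the selection a
    swatch or syslog-ng match on the 'Priority: N' string would hand to
    the mailing application."""
    hits = []
    for line in log_lines:
        m = FAST_ALERT_RE.search(line)
        if not m:
            continue  # not an alert_fast line; ignore
        _gid, sid, _rev, msg, prio = m.groups()
        if int(prio) <= max_priority:
            hits.append((int(sid), msg, int(prio)))
    return hits


if __name__ == "__main__":
    classes = parse_classifications(CLASSIFICATION_CONFIG)
    print("override rule ->", effective_priority(RULE_OVERRIDE, classes))
    print("default rule  ->", effective_priority(RULE_DEFAULT, classes))
    for sid, msg, prio in alerts_to_notify(SAMPLE_ALERTS, max_priority=1):
        print(f"notify: sid={sid} priority={prio} msg={msg}")
```

Raising `max_priority` to 2 widens the notification set to include the reconnaissance alert; the same threshold is what you would encode in the watcher's search string, so keep the two in step when you tune either.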
