Re: alert messages

From: Thomas (TheTom_at_UnixIsNot4Dummies.ORG)
Date: 03/09/04

  • Next message: Michael Stone: "Re: blocking p2p traffic"
    To: "Rodrigo B. Ramos" <>
    Date: Tue, 09 Mar 2004 12:48:48 +0100

    On Wed, 2004-03-03 at 19.52, Rodrigo B. Ramos wrote:
    > Hi!
    > Can anyone help me in the following job?
    > The X Company has more than 1000 machines (desktop and servers) on their
    > WAN. They installed snort as an IDS, they are logging remotely and
    > sending alerts by email and by sms to mobiles.
    > What are the best steps to customize the alerts? The phone company
    > thought that the servers were doing some spam jobs. They send many, many
    > alerts and probably almost flood the phone company network.
    > What is the best way to tell the system to send alerts? Which math
    > should I use?

    First avoid sending every alert via SMS.
    Second there are some papers out there about data reduction.
    A simple example would be the syslogd code that collects equal
    messages for a predefined time interval and writes only one of them
    to a log file with a note like: "The last message appears 123 times."

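The syslogd-style collapsing described in the reply above, written out as an added Python example (not code from the thread or from Snort): it parses Snort's "fast" alert format from a constructed sample, and merges repeats of one signature inside a time window into the first alert plus a single count line, so a burst of N identical alerts costs two messages instead of N. The 60-second window, the assumed year 2004 and the sample signature ids are assumptions of the example.

```python
import re
from datetime import datetime

# Constructed Snort "fast" alert lines (not from the thread); the local signature
# ids (>= 1000000) and addresses are made up so nothing matches a real ruleset.
SAMPLE_ALERTS = [
    "03/03-19:52:01.000000 [**] [1:1000001:1] CONSTRUCTED worm probe [**] 10.0.0.5:1434 -> 10.0.1.7:1434",
    "03/03-19:52:02.000000 [**] [1:1000001:1] CONSTRUCTED worm probe [**] 10.0.0.5:1434 -> 10.0.1.8:1434",
    "03/03-19:52:03.000000 [**] [1:1000001:1] CONSTRUCTED worm probe [**] 10.0.0.5:1434 -> 10.0.1.9:1434",
    "03/03-19:52:10.000000 [**] [1:1000002:1] CONSTRUCTED icmp ping [**] 10.0.0.9 -> 10.0.1.1",
    "03/03-19:54:30.000000 [**] [1:1000001:1] CONSTRUCTED worm probe [**] 10.0.0.5:1434 -> 10.0.1.7:1434",
    "not an alert line at all",
]
# timestamp [**] [gid:sid:rev] message [**] src -> dst
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) \[\*\*\] \[(?P<sig>[\d:]+)\] "
    r"(?P<msg>.+?) \[\*\*\] (?P<src>\S+) -> (?P<dst>\S+)$"
)
def parse_alert(line):
    """Return (epoch_seconds, (sig, msg), line) for one fast-alert line, else None."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    # The fast format carries no year; 2004 is assumed to match the thread's date.
    ts = datetime.strptime("2004/" + m.group("ts"), "%Y/%m/%d-%H:%M:%S.%f").timestamp()
    return ts, (m.group("sig"), m.group("msg")), line

def collapse_alerts(lines, window=60.0):
    """Collapse repeats of one signature inside `window` seconds, syslogd-style."""
    bursts, out = {}, []  # (sig, msg) -> [first_ts, count, first_line]; output lines
    def flush(key):
        first_ts, count, first_line = bursts.pop(key)
        out.append(first_line)  # the first alert of the burst goes out verbatim
        if count > 1:
            out.append(f"last alert [{key[0]}] repeated {count - 1} times")

    for line in lines:
        parsed = parse_alert(line)
        if parsed is None:
            continue  # unparseable input is dropped, never paged out
        ts, key, raw = parsed
        burst = bursts.get(key)
        if burst is not None and ts - burst[0] <= window:
            burst[1] += 1  # same signature inside the window: only count it
            continue
        if burst is not None:
            flush(key)  # window expired: report the old burst before a new one
        bursts[key] = [ts, 1, raw]
    for key in list(bursts):  # end of input: report whatever is still open
        flush(key)
    return out
```

Running `collapse_alerts(SAMPLE_ALERTS)` reduces the six input lines to four output lines; the same logic applies unchanged to a real alert file fed line by line.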

