Re: alert messages
From: Thomas (TheTom_at_UnixIsNot4Dummies.ORG)
Date: 03/09/04
- Previous message: InfoSec: "RE: blocking p2p traffic"
- In reply to: Rodrigo B. Ramos: "alert messages"
To: "Rodrigo B. Ramos" <rodrigo.ramos@triforsec.com.br> Date: Tue, 09 Mar 2004 12:48:48 +0100
On Wed, 2004-03-03 at 19:52, Rodrigo B. Ramos wrote:
> Hi!
Hi.
> Can anyone help me in the following job?
>
> The X Company has more than 1000 machines (desktop and servers) on their
> WAN. They installed snort as an IDS, they are logging remotely and
> sending alerts by email and by sms to mobiles.
>
> What are the best steps to customize the alerts? The phone company
> thought that the servers were doing some spam jobs. They send many, many
> alerts and probably almost flood the phone company network.
>
> What is the best way to tell the system to send alerts? Which math
> should I use?
First avoid sending every alert via SMS.
Second there are some papers out there about data reduction.
A simple example would be the syslogd code that collects identical
messages for a predefined time interval and writes only one of them
to the log file with a note like: "The last message appeared 123 times."
Bye,
Thomas
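The syslogd-style reduction Thomas describes, applied to snort alerts, as an added example (not code from the post or from snort). It assumes snort's one-line "fast" alert format; the sample lines, signature ids (local-rule range), messages and addresses are constructed for the example. Repeats of the same (signature, source, destination) seen within a time window are collapsed into one summary with a count, and a second function caps how many SMS messages are sent per batch so the phone network is not flooded:

```python
import re
from datetime import datetime

# Constructed sample alerts in snort's one-line "fast" format (not from the post).
# Signature ids use the local-rule range; messages and addresses are made up.
# The fifth line is deliberately not an alert, to show unparsed input is counted.
SAMPLE_ALERTS = """\
03/03-19:52:01.000123  [**] [1:1000001:1] LOCAL web scan /etc/passwd [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43210 -> 192.168.1.10:80
03/03-19:52:02.000456  [**] [1:1000001:1] LOCAL web scan /etc/passwd [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43211 -> 192.168.1.10:80
03/03-19:52:03.000789  [**] [1:1000001:1] LOCAL web scan /etc/passwd [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43212 -> 192.168.1.10:80
03/03-19:52:10.000001  [**] [1:1000002:1] LOCAL ICMP sweep [**] [Classification: Attempted Information Leak] [Priority: 3] {ICMP} 10.0.0.9 -> 192.168.1.10
this line is not an alert and must not be lost silently
03/03-19:54:00.000001  [**] [1:1000001:1] LOCAL web scan /etc/passwd [**] [Classification: Attempted Information Leak] [Priority: 2] {TCP} 10.0.0.5:43299 -> 192.168.1.10:80
"""

# timestamp [**] [gid:sid:rev] msg [**] ... {proto} src[:port] -> dst[:port]
ALERT_RE = re.compile(
    r"^(?P<ts>\d\d/\d\d-\d\d:\d\d:\d\d\.\d+)\s+\[\*\*\]\s+"
    r"\[(?P<sig>\d+:\d+:\d+)\]\s+(?P<msg>.+?)\s+\[\*\*\].*?"
    r"\{(?P<proto>\w+)\}\s+(?P<src>[\d.]+)(?::\d+)?\s+->\s+(?P<dst>[\d.]+)(?::\d+)?\s*$"
)


def parse_alert(line):
    """Return (timestamp, (sig, src, dst), msg), or None if the line is not a fast-format alert."""
    m = ALERT_RE.match(line)
    if not m:
        return None
    # The fast format carries no year; only deltas within one log batch matter here.
    ts = datetime.strptime(m.group("ts"), "%m/%d-%H:%M:%S.%f")
    return ts, (m.group("sig"), m.group("src"), m.group("dst")), m.group("msg")


def reduce_alerts(text, window_seconds=60):
    """Collapse repeats of the same (signature, src, dst) seen within window_seconds
    of the first occurrence into one summary carrying a count, in the spirit of
    syslogd's "last message repeated N times". Returns (summaries, unparsed_line_count)."""
    open_buckets = {}      # key -> summary dict, kept in first-seen order
    summaries = []
    unparsed = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        parsed = parse_alert(line)
        if parsed is None:
            unparsed += 1   # never drop input on the floor without accounting for it
            continue
        ts, key, msg = parsed
        bucket = open_buckets.get(key)
        if bucket is not None and (ts - bucket["first"]).total_seconds() > window_seconds:
            summaries.append(open_buckets.pop(key))   # window expired: emit and start a new one
            bucket = None
        if bucket is None:
            bucket = {"sig": key[0], "src": key[1], "dst": key[2], "msg": msg,
                      "first": ts, "last": ts, "count": 0}
            open_buckets[key] = bucket
        bucket["count"] += 1
        bucket["last"] = ts
    summaries.extend(open_buckets.values())   # flush whatever is still open at end of input
    return summaries, unparsed


def sms_digest(summaries, max_sms=2):
    """Cap the number of SMS messages per batch: one short line per summary, and when
    there are more summaries than max_sms, the last message is a rollup pointing at
    the central log instead of one SMS per alert."""
    lines = ["%s %s->%s x%d" % (s["msg"], s["src"], s["dst"], s["count"]) for s in summaries]
    if len(lines) <= max_sms:
        return lines
    shown = lines[:max_sms - 1]
    shown.append("+%d more alert groups, see central log" % (len(lines) - len(shown)))
    return shown


if __name__ == "__main__":
    found, skipped = reduce_alerts(SAMPLE_ALERTS)
    for s in found:
        print("%s %s -> %s: %d alert(s) between %s and %s" % (
            s["msg"], s["src"], s["dst"], s["count"],
            s["first"].strftime("%H:%M:%S"), s["last"].strftime("%H:%M:%S")))
    print("unparsed lines:", skipped)
    for sms in sms_digest(found):
        print("SMS:", sms)
```

With the 60-second window the three web-scan alerts at 19:52 become one summary (count 3), the ICMP alert stays on its own, and the later web-scan alert at 19:54 opens a fresh summary because it falls outside the window of the first one; with a 300-second window it would be folded into the first group instead. The window length is the "math" to tune: long enough to absorb a burst, short enough that a resumed attack still produces a new notification.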