Snort mailing list archives

Re: How to Use Throttle when using Swatch for duplicate email alerts

From: Erek Adams <erek () snort org>
Date: Wed, 9 Apr 2003 16:26:40 -0400 (EDT)

On Wed, 9 Apr 2003, Sudhakar Gummadi wrote:

I am using swatch to generate email alerts from the alert file comparing
the string  /priority: 1/. In some instances the same alert is generated
numerous times like 30 to 40 emails.

I was wondering how can I specify using (throttle) for 10 to 15 min to
ignore if it the same alert.

Any examples would be really helpful.


http://www.theadamsfamily.net/~erek/snort/snort-swatch.txt

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

How to Use Throttle when using Swatch for duplicate email alerts Sudhakar Gummadi (Apr 09)
- Re: How to Use Throttle when using Swatch for duplicate email alerts Sam Evans (Apr 09)
- Re: How to Use Throttle when using Swatch for duplicate email alerts Erek Adams (Apr 09)
- <Possible follow-ups>
- RE: How to Use Throttle when using Swatch for duplicate email alerts Hutchinson, Andrew (Apr 10)