Re: SMB alerts

[Jason Haar <Jason.Haar () trimble co nz>]

On Fri, Aug 13, 2004 at 02:14:04PM -0700, Scott Elgram wrote:
> would you or anyone happen to know why it was removed?

..because it's a really bad idea?

Seriously, it is. Why SMB and yet no SMTP? What about Jabber support?

The list is endless.

So instead, Snort focuses on generalized output formats like syslog and
SQL, and out-of-band tools (such as swatch for syslog) monitor those outputs
to trigger alerts.

To make snort faster, it pays to do less - not more.

I realise this means *you* (us) need to do more work in order to have the
solution you want (i.e. the Windows alerts is now your problem instead of
Snorts), but it's better to have the separation.

Maybe more contrib/ example scripts are needed to get people through this
issue - they do show up a lot.

I have a swatch+alerting-script I'm very happy with - but can't release it
as I'm too embarrassed :-)

-- 
Cheers

Jason Haar
Information Security Manager, Trimble Navigation Ltd.
Phone: +64 3 9635 377 Fax: +64 3 9635 417
PGP Fingerprint: 7A2E 0407 C9A6 CAF6 2B9F 8422 C063 5EBB FE1D 66D1


-------------------------------------------------------
SF.Net email is sponsored by Shop4tech.com-Lowest price on Blank Media
100pk Sonic DVD-R 4x for only $29 -100pk Sonic DVD+R for only $33
Save 50% off Retail on Ink & Toner - Free Shipping and Free Gift.
http://www.shop4tech.com/z/Inkjet_Cartridges/9_108_r285
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users