Snort mailing list archives
RE: Syslog Priority Classification
From: "Esler, Joel - Contractor" <joel.esler () rcert-s army mil>
Date: Thu, 28 Apr 2005 09:57:22 -0400
It depends on the classification in the rule. "Classification:" the entries match up with classification.config, which, in turn assigns them a number (1,2,3) thusly, your priority.

Joel

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Peter Barton
Sent: Wednesday, April 27, 2005 11:41 AM
To: snort-users () lists sourceforge net
Subject: [Snort-users] Syslog Priority Classification

Hello all,

I am attempting to determine the way Snort classifies alerts as Priority 1, Priority 2 or Priority 3 when it is logging to syslog. I need to be able to validate what is getting reported to me with swatch, but I can't do that until I know what the criteria is for Priority 1 alerts. If someone could point me in the right direction I would be greatly appreciative.

Thank you,

----
Peter Barton
Network Manager
IESI Corporation
Work: (817)632-4000
Fax: (817)632-4047

-------------------------------------------------------
SF.Net email is sponsored by: Tell us your software development plans! Take this survey and enter to win a one-year sub to SourceForge.net Plus IDC's 2005 look-ahead and a copy of this survey Click here to start! http://www.idcswdc.com/cgi-bin/survey?id5hix
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
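
The mapping described in the reply above, as an added example that is not part of the original thread: it reads `config classification:` lines into a description-to-priority table and checks the `[Classification: ...] [Priority: N]` fields of syslog alerts against it. The config excerpt, log lines, host name and addresses are constructed, and the function names are hypothetical; a mismatch usually means the rule sets its own `priority:` option or the sensor uses a different classification.config.

```python
import re

# Constructed excerpt in classification.config syntax:
#   config classification: <short name>,<description>,<priority>
SAMPLE_CONFIG = """\
# constructed sample, not a complete classification.config
config classification: attempted-admin,Attempted Administrator Privilege Gain,1
config classification: trojan-activity,A Network Trojan was detected,1
config classification: bad-unknown,Potentially Bad Traffic,2
config classification: misc-activity,Misc activity,3
"""

# Constructed syslog alert lines (documentation-range addresses).
SAMPLE_SYSLOG = [
    "Apr 28 09:57:22 ids snort[2101]: [1:1000001:1] Constructed admin alert [Classification: Attempted Administrator Privilege Gain] [Priority: 1]: {TCP} 192.0.2.10:4312 -> 198.51.100.5:80",
    "Apr 28 09:57:25 ids snort[2101]: [1:1000002:1] Constructed odd traffic [Classification: Potentially Bad Traffic] [Priority: 1]: {UDP} 192.0.2.11:53 -> 198.51.100.5:53",
    "Apr 28 09:57:30 ids snort[2101]: [1:1000003:1] Constructed local rule [Classification: Site Local Policy] [Priority: 2]: {TCP} 192.0.2.12:1025 -> 198.51.100.5:22",
]

CONFIG_RE = re.compile(r"^\s*config\s+classification:\s*([^,]+),([^,]+),\s*(\d+)\s*$")
ALERT_RE = re.compile(r"\[Classification: ([^\]]+)\] \[Priority: (\d+)\]")

def load_priorities(config_text):
    """Return {classification description: default priority}."""
    table = {}
    for line in config_text.splitlines():
        m = CONFIG_RE.match(line)
        if m:  # comments and blank lines simply do not match
            table[m.group(2).strip()] = int(m.group(3))
    return table

def check_alert(line, table):
    """Return (status, logged_priority, expected_priority) for one syslog line."""
    m = ALERT_RE.search(line)
    if not m:
        return ("no-classification", None, None)
    desc, logged = m.group(1).strip(), int(m.group(2))
    expected = table.get(desc)
    if expected is None:
        return ("unknown-class", logged, None)   # not in this config file
    if expected != logged:
        return ("override", logged, expected)    # priority differs from config
    return ("ok", logged, expected)

if __name__ == "__main__":
    priorities = load_priorities(SAMPLE_CONFIG)
    for entry in SAMPLE_SYSLOG:
        print(check_alert(entry, priorities), entry.split("]: ")[0])
```
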
Current thread:
- Syslog Priority Classification Peter Barton (Apr 27)
- <Possible follow-ups>
- RE: Syslog Priority Classification Esler, Joel - Contractor (Apr 28)
