Ron Kaye Jr on 9 Sep 2009 11:01:49 -0700


[PLUG] next snort task

I am finally up and snorting away.
base engine with graphing is working fine.

1) I am finding alerts I am not interested in,
for example ...

MISC UPnP malformed advertisement

VOIP-SIP outbound 401 Unauthorized message protocol-command-decode

VOIP-SIP inbound 401 Unauthorized message protocol-command-decode

I want to filter them out.

not sure how; wouldn't know which rule file generated these messages, and if I did, how to do it.

2) I would like the alerts to go to my email.

I am a complete rookie here.

heard of sendmail, received a vague reference to postfix, but have no clue.

then have to send to an smtp relay server somewhere, I'm guessing.

Ron Kaye Jr
Philadelphia Linux Users Group