---

Monitoring and Dealing With Snort Alerts

[ Thanks to Lee Schlesinger for this link. ]

“Snort itself doesn’t actually do anything with its alerts, so
it’s important to make sure you have something in place to check
for them. You do have a choice of output modules, but (with one
exception, alert_unixsock, which I’ll talk more about later) these
only output to a file or a database. To monitor your chosen output
format, you have several third-party options, with Snort Alert
Monitor being one of the more popular ones, as it allows you to
configure email alerts among other output types. If you have
additional specific requirements, SAM exposes its API and is (at
least according to its author!) simple to extend.”

