[Bro] Faster Bro Summary of Alerts
liburdi.joshua at gmail.com
Mon May 19 05:40:32 PDT 2014
Add this field to any notice interval you'd like to change:
By default notices are suppressed for one hour, but it can be overridden
with the line above. In practice that would look like ...
$msg=fmt("%s appears to be guessing SSH passwords (seen in %d
connections).", key$host, r$num),
On Sat, May 17, 2014 at 10:46 AM, Chris Lowson <lowson.chris at gmail.com>wrote:
> Hello Everyone,
> New to bro so please bare with me, but i can't seem to find my answer
> Can anyone tell me / point me in the direction to setup bro to have the
> alert notices come in every 5-10 mins and not hourly?
> I don't want to connection summary every 5 mins, that can stay every hour,
> I just want to see the SSH password guessing faster.
> Christopher Lowson
> Bro mailing list
> bro at bro-ids.org
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Bro