Re: [Sguil-users] Sguil Client : Displaying Priority 1 Alerts Only
From: Bamm V. <bam...@gm...> - 2008-04-30 17:24:07
set RTPANES 2
set RTPANE_PRIORITY(0) "1"
set RTPANE_PRIORITY(1) "2 3 4 5"

That will put priority 1 alerts in pane 1 and the rest in pane 2.

On Wed, Apr 30, 2008 at 10:56 AM, Ramon Hermida <rhe...@ut...> wrote:
> Hello fellow SGUIL-ers,
>
> I am trying to display a single alert pane on my client that would display
> priority 1 alerts only. Is this possible? I have been changing the
> following settings in my sguil.conf file:
>
> # Number of RealTime Event Panes
> set RTPANES 2
> # Specify which priority events go into what pane
> # According to the latest classification.config from snort,
> # there are only 4 priorities. The sguil spp_portscan mod
> # uses a priority of 5.
> set RTPANE_PRIORITY(0) "1"
> set RTPANE_PRIORITY(1) ""
> set RTPANE_PRIORITY(2) ""
>
> But so far, I keep seeing alerts with all priorities being displayed in
> that single pane. Suggestions welcomed and appreciated.
>
> Regards
>
> -RH

--
sguil - The Analyst Console for NSM
http://sguil.sf.net