On Jul 20, 2011, NA wrote:
> Hello,
>
> With the default and slightly changed default config set up I am getting
> spammed by psad with just one scan. I received up to 60 emails before I
> deleted the scan from the logs. Is there something I can do to get just
> one email notice per incident?
Hi,
Yes, if you set the "ALERT_ALL" variable to "N" in the /etc/psad/psad.conf file,
then psad will only generate a new email for the same scanning source IP when
the IP reaches the next danger level (defined by the DANGER_LEVEL{n} variables).
Thanks,
--Mike
------------------------------------------------------------------------------
5 Ways to Improve & Secure Unified Communications
Unified Communications promises greater efficiencies for business. UC can
improve internal communications as well as offer faster, more efficient ways
to interact with customers and streamline customer service. Learn more!
http://www.accelacomm.com/jaw/sfnl/114/51426253/
_______________________________________________
psad-discuss mailing list
psad-discuss@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/psad-discuss
