This is a discussion on [Snort-users] anyone experience "throttle" issues with Swatch for Snort? within the Snort forums, part of the System Security and Security Related category.
Hello,

I'm running snort 2.13 outputting to mysql and syslog, which works great. I have set up swatch 3.1 to send me email alerts in real time... I'm assuming a lot of people are doing the same (if not with swatch, with some other application like SEC).

However, I'm having issues with the throttle command. It doesn't seem to work at all. I understand this is the snort mailing list, but there is nothing I can find on the swatch homepage under the messages forum.

Here's an example:

    watchfor /.*GNUTella/
        throttle 00:30:00,use=regex
        mail blah@blah.com,Subject=Snort Alert - GNUTella traffic

I want to get an email for GNUTella alerts every 30 minutes... instead I get a whole flurry of them.

Is this a known bug in swatch, and is everyone either:

1. ignoring it and does not mind the flurry of emails
2. using an older version of swatch which may have been patched
3. going with another application (i.e. SEC - simple event correlator http://simple-evcorr.sourceforge.net/)

Just wanted to know what the community is using for real time email alerts.

Thanks,
Jason Truong
Plumtree Software
email: jason.truong@plumtree.com
(415) 399-7006
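Added illustration, not part of the original post and not swatch's own code: the behaviour the poster wants from throttle (one notification per 30-minute window for anything matching the pattern) next to throttling keyed on the message text, where Snort lines that differ only in address or port each count as new. The log lines, the function names, the `key` parameter and the year are constructed for the example.

```python
import re
from datetime import datetime, timedelta

# Constructed Snort syslog lines (hosts, SIDs and addresses are made up).
SAMPLE = [
    "Jul 12 10:00:01 ids snort: [1:0:0] P2P GNUTella GET {TCP} 10.0.0.5:1034 -> 192.0.2.9:6346",
    "Jul 12 10:00:02 ids snort: [1:0:0] P2P GNUTella GET {TCP} 10.0.0.5:1035 -> 192.0.2.9:6346",
    "Jul 12 10:05:10 ids snort: [1:0:0] P2P GNUTella GET {TCP} 10.0.0.7:2201 -> 192.0.2.9:6346",
    "Jul 12 10:12:00 ids snort: [1:0:0] ICMP PING {ICMP} 10.0.0.8 -> 192.0.2.1",
    "Jul 12 10:31:00 ids snort: [1:0:0] P2P GNUTella GET {TCP} 10.0.0.5:1040 -> 192.0.2.9:6346",
]

# Leading syslog timestamp, e.g. "Jul 12 10:00:01 "
TS_RE = re.compile(r"^(\w{3}\s+\d+\s[\d:]{8})\s")


def parse_ts(line, year=2004):
    """Parse the syslog timestamp; syslog omits the year, so one is assumed."""
    m = TS_RE.match(line)
    if m is None:
        raise ValueError("no syslog timestamp: %r" % line)
    return datetime.strptime("%d %s" % (year, m.group(1)), "%Y %b %d %H:%M:%S")


def throttle(lines, pattern, window, key="regex"):
    """Return the lines that would trigger a notification.

    key="regex":   one notification per window for any line matching pattern.
    key="message": the window is tracked per distinct message text
                   (timestamp stripped), so lines that differ in any field
                   are never suppressed by each other.
    Lines are assumed to arrive in time order.
    """
    rx = re.compile(pattern)
    last_sent = {}  # throttle key -> time of the last notification
    notified = []
    for line in lines:
        if not rx.search(line):
            continue
        ts = parse_ts(line)
        k = pattern if key == "regex" else TS_RE.sub("", line)
        prev = last_sent.get(k)
        if prev is None or ts - prev >= window:
            last_sent[k] = ts
            notified.append(line)
    return notified


if __name__ == "__main__":
    for mode in ("regex", "message"):
        hits = throttle(SAMPLE, r".*GNUTella", timedelta(minutes=30), key=mode)
        print(mode, len(hits))
```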