I like the idea, monitoring snort inside zabbix. Then we should see on the map and in the triggers that a host has had more than 5 attacks in the last 5 min; that would be very cool.
I use snort in combination with mysql: there is a database with the name "snort", and there's a table with the name "event", with items and a timestamp value in it. So we can count the items with a timestamp less than 5 minutes old; if there are more than 10 items, trigger and show it.
Is there a way to do this with or without mysql?
I'm not sure where to start, or what my options are; maybe this cannot work in the first place.
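The counting logic the post describes, as an added example that is not part of the original post or of Zabbix/Snort themselves. It assumes the classic Snort database schema (an `event` table with `sid`, `cid`, `signature`, `timestamp` and an `iphdr` table with `sid`, `cid`, `ip_src`, `ip_dst` stored as integers) and uses an in-memory SQLite database filled with constructed events as a stand-in for the real MySQL "snort" database, so it runs offline. The `UserParameter` line and trigger expression in the comments are an assumed way of wiring the same query into the Zabbix agent, not something the post specifies; the password and host name are placeholders.

```python
import sqlite3
from datetime import datetime, timedelta

WINDOW_MINUTES = 5       # "last 5 min" from the post
HOST_THRESHOLD = 5       # per-host: more than 5 attacks in the window
TOTAL_THRESHOLD = 10     # overall: more than 10 events in the window
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, 0)   # constructed reference time

# Assumed wiring on the real MySQL database (classic Snort schema keeps a
# DATETIME in event.timestamp). Zabbix agent config, $1 = window in minutes:
#   UserParameter=snort.events[*],mysql -N -s -u zabbix -p'PASSWORD' snort \
#     -e "SELECT COUNT(*) FROM event WHERE timestamp >= NOW() - INTERVAL $1 MINUTE"
# Trigger in classic Zabbix expression syntax:
#   {snort-sensor:snort.events[5].last(0)}>10

SCHEMA = """
CREATE TABLE event (sid INTEGER, cid INTEGER, signature INTEGER, timestamp TEXT);
CREATE TABLE iphdr (sid INTEGER, cid INTEGER, ip_src INTEGER, ip_dst INTEGER);
"""


def ip_to_int(ip: str) -> int:
    """Snort stores IPv4 addresses as unsigned 32-bit integers."""
    a, b, c, d = (int(x) for x in ip.split("."))
    return (a << 24) | (b << 16) | (c << 8) | d


def int_to_ip(n: int) -> str:
    return ".".join(str((n >> s) & 0xFF) for s in (24, 16, 8, 0))


def _cutoff(now: datetime, minutes: int) -> str:
    """SQLite stand-in for MySQL's NOW() - INTERVAL n MINUTE."""
    return (now - timedelta(minutes=minutes)).strftime("%Y-%m-%d %H:%M:%S")


def build_sample_db(now: datetime = SAMPLE_NOW) -> sqlite3.Connection:
    """In-memory stand-in for the Snort MySQL database with constructed events."""
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    rows = []

    def add(dst: str, age_minutes: int) -> None:
        cid = len(rows) + 1
        ts = (now - timedelta(minutes=age_minutes)).strftime("%Y-%m-%d %H:%M:%S")
        rows.append((1, cid, 1000 + cid, ts, ip_to_int("192.0.2.10"), ip_to_int(dst)))

    for i in range(12):      # 12 hits on host A, 1..4 minutes old (inside window)
        add("10.0.0.5", 1 + i % 4)
    for i in range(4):       # 4 older hits on host A, about an hour old (outside)
        add("10.0.0.5", 60 + i)
    for _ in range(3):       # 3 hits on host B, 2 minutes old (inside window)
        add("10.0.0.6", 2)

    conn.executemany("INSERT INTO event VALUES (?,?,?,?)", [r[:4] for r in rows])
    conn.executemany("INSERT INTO iphdr VALUES (?,?,?,?)",
                     [(r[0], r[1], r[4], r[5]) for r in rows])
    return conn


def count_recent_events(conn: sqlite3.Connection, now: datetime = SAMPLE_NOW,
                        minutes: int = WINDOW_MINUTES) -> int:
    """The value the Zabbix item would collect: events newer than the cutoff."""
    sql = "SELECT COUNT(*) FROM event WHERE timestamp >= ?"
    return conn.execute(sql, (_cutoff(now, minutes),)).fetchone()[0]


def hosts_under_attack(conn: sqlite3.Connection, now: datetime = SAMPLE_NOW,
                       minutes: int = WINDOW_MINUTES,
                       threshold: int = HOST_THRESHOLD) -> dict:
    """Per-destination-host counts above the threshold, for the map view."""
    sql = """SELECT i.ip_dst, COUNT(*) AS n
             FROM event e JOIN iphdr i ON i.sid = e.sid AND i.cid = e.cid
             WHERE e.timestamp >= ?
             GROUP BY i.ip_dst HAVING n > ?"""
    rows = conn.execute(sql, (_cutoff(now, minutes), threshold))
    return {int_to_ip(ip): n for ip, n in rows}


def total_trigger_fires(conn: sqlite3.Connection, now: datetime = SAMPLE_NOW) -> bool:
    """Mirrors the trigger expression: more than TOTAL_THRESHOLD events in the window."""
    return count_recent_events(conn, now) > TOTAL_THRESHOLD


if __name__ == "__main__":
    db = build_sample_db()
    print("events in last 5 min:", count_recent_events(db))
    print("hosts over threshold:", hosts_under_attack(db))
    print("trigger fires:", total_trigger_fires(db))
```

Letting the agent run the `COUNT(*)` query on a read-only MySQL account and handing Zabbix a single number keeps the heavy lifting in the database; the per-host query is the same idea with a `GROUP BY` on `iphdr.ip_dst`, which is what a map trigger per host would need.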