|Config File <Action Name>|
Actions tell Hogwash what to do once an attack is detected. You can create up to 64
different actions. Actions are collections of responses, so if you want
certain rules to call your pager, just create an action with the appropriate
responses and call that action from a rule.
An Action looks like:
Actions are typically used in rules:
Alert console writes the alert message out to the screen. Useful for watching
what Hogwash is doing at a glance.
Alert file writes the alert message out to a file.
Dump packet dumps the packet that generated the alert into a file. The
file is in tcpdump format and is readable via tcpdump or ethereal.
This instructs Hogwash to drop the packet that generated the alert. If
Hogwash is running in IDS mode, this option is ignored.
This is an experimental response that adds a route based on the source IP. It'll
get documented when it's finished.