We are currently running Snort & ACID to monitor our DMZ. One thing I would like to do, and my techies here aren't sure how to do it, is send out a page if an attacked is detected. Ideally, I would like it configured so if multiple "Unique Alerts" are detected coming from the same IP address in a fixed period of time (say 5 or 10 minutes) then issue a page to one or more pagers.

Has anyone set-up snort in this way and if so, could you please give me some ideas on how to tackle this.

Cheers & Thanks