Snort mailing list archives
Re: ACID inputting from alerts?
From: roman () danyliw com
Date: Wed, 9 May 2001 15:59:37 US/Eastern
Scott, If you are logging to a database, the "full" alert functionality is enabled by default by the database plug-in. Look at the "detail" configuration parameter of the database plug-in documented in README.database. cheers, Roman
I'm sure this is possible, I just haven't seen it in the FAQ's yet -- how can I populate my ACID databases with the Full format alert file? Or can one? I realize you lose packet payloads, but the rest of it should still be possible... Thanks, Scott _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
--------------------------------------------- This message was sent using Voicenet WebMail. http://www.voicenet.com/webmail/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- ACID inputting from alerts? Scott A. McIntyre (May 09)
- <Possible follow-ups>
- Re: ACID inputting from alerts? roman (May 09)
- Re: ACID inputting from alerts? Scott A. McIntyre (May 09)