Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: ACID inputting from alerts?

From: roman () danyliw com
Date: Wed, 9 May 2001 15:59:37 US/Eastern
Scott,

If you are logging to a database, the "full" alert functionality is 
enabled by default by the database plug-in.  Look at the "detail"
configuration parameter of the database plug-in documented
in README.database.

cheers,
Roman


I'm sure this is possible, I just haven't seen it in the FAQ's yet --
how can I populate my ACID databases with the Full format alert file?

Or can one?  I realize you lose packet payloads, but the rest of it
should still be possible...

Thanks,
Scott


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users





---------------------------------------------
This message was sent using Voicenet WebMail.
      http://www.voicenet.com/webmail/



_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: