Snort mailing list archives
RE: strange logging
From: "John Berkers" <berjo () ozemail com au>
Date: Sun, 26 Aug 2001 13:05:13 +1000
Guido,

That would be because you specified the alert tag on the snmp output option. Using alert logs more than just the standard alerts. Things such as portscans are also logged if you specify 'alert'.

Either use

output database: log, postgresql, user=xxx password=yyy dbname=snort host=localhost
output trap_snmp: log, 1, trap -v 2c -p 162 myHost public

or

output database: alert, postgresql, user=xxx password=yyy dbname=snort host=localhost
output trap_snmp: alert, 1, trap -v 2c -p 162 myHost public

That should fix your problem.

Regards,
John Berkers
ICQ: 112912
Network Operations Infrastructure Support - Hansen Corporation
john.berkers () hancorp com au
berjo () ozemail com au

-----Original Message-----
From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of Guido Dolci
Sent: Sunday, 26 August 2001 5:16
To: snort-users () lists sourceforge net
Subject: [Snort-users] strange logging

Hi,

I have a problem with version 1.8.1 ... I log both to snmp and to postgres having:

output database: log, postgresql, user=xxx password=yyy dbname=snort host=localhost
output trap_snmp: alert, 1, trap -v 2c -p 162 myHost public

Now, I have noticed that the snmp logs contain more entries than the postgres logs... that is, lots of alerts are not logged on postgres.

Any idea?

Guido
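The mismatch discussed in this thread can be caught before deployment by linting the configuration. The following is an added example, not code from either poster or from the Snort project: it reads `output` lines in the form quoted above and reports when plugins are attached to different facilities. The function names are hypothetical, and it assumes the facility is the first comma-separated argument, as in the thread's lines.

```python
import re
from collections import defaultdict

# Constructed sample: the two output lines from the original question.
SAMPLE_CONF = """\
# snort.conf excerpt (constructed from the lines quoted in the thread)
output database: log, postgresql, user=xxx password=yyy dbname=snort host=localhost
output trap_snmp: alert, 1, trap -v 2c -p 162 myHost public
"""

# Matches "output <plugin>: <arguments>"; comment lines do not match.
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*(.*)$")
FACILITIES = {"log", "alert"}


def parse_outputs(conf_text):
    """Return [(line_no, plugin, facility)] for output lines whose
    first argument is 'log' or 'alert'; other plugins are ignored."""
    found = []
    for line_no, line in enumerate(conf_text.splitlines(), start=1):
        m = OUTPUT_RE.match(line)
        if not m:
            continue
        plugin, args = m.groups()
        first = args.split(",", 1)[0].strip().lower()
        if first in FACILITIES:
            found.append((line_no, plugin, first))
    return found


def facility_mismatch(conf_text):
    """Group plugins by facility. Return the grouping only when more
    than one facility is in use, otherwise an empty dict."""
    by_facility = defaultdict(list)
    for line_no, plugin, facility in parse_outputs(conf_text):
        by_facility[facility].append((line_no, plugin))
    return dict(by_facility) if len(by_facility) > 1 else {}


if __name__ == "__main__":
    mismatch = facility_mismatch(SAMPLE_CONF)
    if not mismatch:
        print("all output plugins use the same facility")
    for facility, plugins in sorted(mismatch.items()):
        for line_no, plugin in plugins:
            print(f"line {line_no}: {plugin} is attached to '{facility}'")
```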