Snort mailing list archives

RE: strange logging


From: "John Berkers" <berjo () ozemail com au>
Date: Sun, 26 Aug 2001 13:05:13 +1000

Guido,

That would be because you specified the alert tag on the snmp output option.
Using alert logs more than just the standard alerts.  Things such as
portscans are also logged if you specify 'alert'.  Either use

output database: log, postgresql, user=xxx password=yyy dbname=snort host=localhost
output trap_snmp: log, 1, trap -v 2c -p 162 myHost public

or

output database: alert, postgresql, user=xxx password=yyy dbname=snort host=localhost
output trap_snmp: alert, 1, trap -v 2c -p 162 myHost public

That should fix your problem.

Regards,

John Berkers                                       ICQ: 112912
Network Operations Infrastructure Support - Hansen Corporation
john.berkers () hancorp com au               berjo () ozemail com au
-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of Guido Dolci
Sent: Sunday, 26 August 2001 5:16
To: snort-users () lists sourceforge net
Subject: [Snort-users] strange logging


Hi,

I have a problem with version 1.8.1 ... I log both to snmp and to postgres
having:

output database: log, postgresql, user=xxx password=yyy dbname=snort host=localhost
output trap_snmp: alert, 1, trap -v 2c -p 162 myHost public

Now, I have noticed that the snmp logs contain more entries than the
postgres logs....that is lots of alerts are not logged on postgres.
Any idea?

Guido


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
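As an added example, not code from this thread or from the Snort project, here is a small Python check that parses the `output` directives in a snort.conf and flags the situation John describes: one output plugin on the `log` facility and another on `alert`, so the two stores receive different event sets. The two sample configurations are constructed from the lines quoted above (the mismatched one Guido posted and the consistent one John suggested); the directive regex and the backslash line-continuation handling are this example's own assumptions about the config syntax, not taken from Snort's parser.

```python
import re

# Constructed sample configs, taken from the lines quoted in this thread.
# Guido's original: database on 'log', SNMP trap on 'alert' (mismatched).
MISMATCHED_CONF = """\
output database: log, postgresql, user=xxx password=yyy dbname=snort host=localhost
output trap_snmp: alert, 1, trap -v 2c -p 162 myHost public
"""

# John's suggestion: both plugins on the same facility.
CONSISTENT_CONF = """\
output database: alert, postgresql, user=xxx password=yyy dbname=snort \\
    host=localhost
output trap_snmp: alert, 1, trap -v 2c -p 162 myHost public
"""

# Assumed shape of an output directive: "output <plugin>: <facility>, <args...>"
OUTPUT_RE = re.compile(r"^\s*output\s+(?P<plugin>[\w-]+)\s*:\s*(?P<args>.*)$")

VALID_FACILITIES = ("alert", "log")


def parse_outputs(conf_text):
    """Return [(plugin, facility, remaining_args)] for every output directive.

    The facility is the first comma-separated argument. Backslash-newline
    continuations are joined first (an assumption about the config syntax),
    and '#' comments are stripped so commented-out directives are ignored.
    """
    joined = conf_text.replace("\\\n", " ")
    found = []
    for line in joined.splitlines():
        line = line.split("#", 1)[0].rstrip()
        m = OUTPUT_RE.match(line)
        if not m:
            continue
        args = [a.strip() for a in m.group("args").split(",")]
        facility = args[0].lower() if args and args[0] else ""
        found.append((m.group("plugin"), facility, args[1:]))
    return found


def check_output_facilities(conf_text):
    """Return a list of problems found; an empty list means the outputs agree."""
    problems = []
    outputs = parse_outputs(conf_text)
    for plugin, facility, _ in outputs:
        if facility not in VALID_FACILITIES:
            problems.append(
                f"output {plugin}: unknown facility '{facility}' "
                f"(expected one of {VALID_FACILITIES})"
            )
    facilities = {f for _, f, _ in outputs if f in VALID_FACILITIES}
    if len(facilities) > 1:
        detail = ", ".join(f"{p}={f}" for p, f, _ in outputs)
        problems.append(
            f"output plugins use mixed facilities ({detail}); the 'alert' side "
            "receives events (portscans, for instance) the 'log' side never sees"
        )
    return problems


if __name__ == "__main__":
    for name, conf in (("mismatched", MISMATCHED_CONF), ("consistent", CONSISTENT_CONF)):
        problems = check_output_facilities(conf)
        print(f"{name}: {'OK' if not problems else ''}")
        for p in problems:
            print(f"  - {p}")
```

Run it against a real snort.conf by reading the file into `check_output_facilities`; any non-empty result means the stores fed by those plugins cannot be expected to hold the same entries, which is exactly the discrepancy Guido noticed between his SNMP and postgres logs.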
