Re: alert

["snortlst snortlst" <snortlst () hotmail com>]

You see, I'm trying to be a good boy and look into FAQ before asking stupid
questions, I looked into FAQ and they didn't tell  for example that all
alerts are put into the alert file. It's just my guess and I'm sure if it's
right or wrong.Snort pdf also misses a lot of 'newbie' things.So I think
it's a legitimate question to ask.....
And that's strange attitude, like 'Hey, go back and check documentation'
(which actually misses some things)
Thanks anyway.

eliyah lovkoff
ccse,ccna,cca,cne4,5, lpic-1,mcse (just trying to say I'm not a complete
idiot)


----- Original Message -----
From: "Chris Green" <cmg () uab edu>
To: "snortlst snortlst" <snortlst () hotmail com>
Cc: <snort-users () lists sourceforge net>
Sent: Tuesday, October 16, 2001 2:20 PM
Subject: Re: [Snort-users] alert


> "snortlst snortlst" <snortlst () hotmail com> writes:
>
> > Snorts log everything in /var/log/snort
> > I see there alert file and directopries with ip addresses naming
convention.
> > (NDIS mode)
> > Is that correct to say that ALL alerts are put into alert file and I
> > shouldn't browse all those directories?
> > What those directories (ip addresses) are for?
>
> Decoded packet dumps.  Will add this to the documentation.
> --
> Chris Green <cmg () uab edu>
> This is my signature. There are many like it but this one is mine.
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users