Snort mailing list archives
Re: Alert vs. Log?
From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 4 Mar 2002 15:15:16 -0800 (PST)
On Mon, 4 Mar 2002, Nels Lindquist wrote:
> Okay, I'm confused.

That's Ok. I'm fusedcon.

> What exactly is the difference between "log" and "alert?" I'm using snort 1.8.3 with the following output configuration in /etc/snort/snort.conf:

See: http://www.theadamsfamily.net/~erek/snort/logging_methods.txt

[...snip...]

> Now, I was under the impression that logging to a database was the desired behaviour, and that doing so would override the default logging to syslog, text file etc. However, alerts are still being recorded in /var/log/snort/alert in plain ASCII. I don't want 'em there; I'm using ACID to look at the alerts which are logged in the MySQL database.

[...snip...]

Quick-n-Dirty answer: symlink /var/log/snort -> /dev/null

Longer answer: Lemme peek at the source. :)

Hope that helps some!

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
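The following snort.conf fragment is an added illustration of the alert/log distinction the question turns on; it is not part of this thread and not the poster's actual configuration (which was snipped). It assumes the Snort 1.x `output` directive syntax, in which the database plugin is registered on either the `alert` or the `log` facility; the host and credentials are placeholders.

```conf
# Added example, not from the thread. Assumes Snort 1.x output-plugin syntax.
# Host and credentials are placeholders.

# --- Setting that produces the symptom described in the question ---
# The database plugin is registered on the LOG facility only. Nothing
# claims the ALERT facility, so Snort keeps its built-in default alert
# output and still writes every alert in plain ASCII to <logdir>/alert.
output database: log, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost

# --- Setting that sends alerts to the database instead ---
# Registering the plugin on the ALERT facility makes it the alert output,
# so the default ASCII alert file is no longer the destination for alerts.
output database: alert, mysql, user=snort password=PLACEHOLDER dbname=snort host=localhost
```

In Snort 1.x a rule with the `alert` action fires the alert facility first and then the log facility, while a `log` rule only reaches the log facility; which facility an output plugin is attached to therefore decides which default it replaces. The symlink workaround above silently discards packet logs along with the alert file, so after changing the configuration it is worth checking that the database row count grows while <logdir>/alert stays empty.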
Current thread:
- Alert vs. Log? Nels Lindquist (Mar 04)
- Re: Alert vs. Log? Erek Adams (Mar 04)
- Re: Alert vs. Log? Martin Roesch (Mar 04)
- Re: Alert vs. Log? Erek Adams (Mar 04)