Snort mailing list archives
Re: Spade ---What gives
From: <bthaler () webstream net>
Date: Wed, 13 Mar 2002 12:32:22 -0500
Just to confirm, because neither FAQ is clear on this: I can have both: output database: alert, mysql, user=snort, dbname=snort_log host=localhost password=foo output database: log, mysql, user=snort, dbname=snort_log host=localhost password=foo at the same time, right? I changed my "log" to "alert" and the number of alerts dropped from about 1000 per hour to about 200... So I'm assuming that "alert" doesn't include "log". Right now, I'm using both "alert" and "log". Does it matter which is listed first in the snort.conf? Thanks for all the help, BTW. Sincerely, Brad T. ----- Original Message ----- From: "Erek Adams" <erek () theadamsfamily net> To: <bthaler () webstream net> Cc: <snort-users () lists sourceforge net> Sent: Wednesday, March 13, 2002 11:58 AM Subject: Re: [Snort-users] Spade ---What gives
On Wed, 13 Mar 2002 bthaler () webstream net wrote:Well, since I'm not using Acid, I would have no reason to look in the Acid FAQ's, would I?Ahhh... I didn't catch the original post that you sent over. I just saw the 'spade alerts' and 'database', so I assumed ACID. My bad.Perhaps this should be included in the *Snort* FAQ.....oh wait, it already is...doh! But to my own defense, this problem is listed as "Portscans are not being logged to my database", so a layperson like myself wouldn't know that this is the same problem.Layperson? Naaaa... That's only for people eating lots of Lays potato chips. ;-) Good point about adding/modifing the FAQ to note that the Spade stuff won't be logged as well. Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Spade ---What gives bthaler (Mar 12)
- Re: Spade ---What gives James Hoagland (Mar 12)
- Re: Spade ---What gives bthaler (Mar 13)
- Re: Spade ---What gives bthaler (Mar 13)
- Re: Spade ---What gives Erek Adams (Mar 13)
- Re: Spade ---What gives bthaler (Mar 13)
- Re: Spade ---What gives Erek Adams (Mar 13)
- Re: Spade ---What gives bthaler (Mar 13)
- Re: Spade ---What gives Erek Adams (Mar 13)
- Re: Spade ---What gives bthaler (Mar 13)
- Re: Alerts, Logs and DB's--Oh My! Erek Adams (Mar 13)
- Re: Spade ---What gives James Hoagland (Mar 12)