Snort mailing list archives
Re: Output plugins -differences between logging methods?
From: Saad Kadhi <bsdguy () docisland org>
Date: 26 Jan 2002 00:24:20 +0100
[PLEASE DROP THE HTML EMAIL. THIS IS NOT NETIQUETTE-COMPLIANT]

On Fri, 2002-01-25 at 17:39, Rockoff, Dan wrote:

> I have successfully set up snort logging to a MySql database, and it has been running fine for over a month now with no problems. I am curious however what the differences are between the "output database: log, and output database: alert" functions. If I have both enabled, it looks like I get duplicate data for most hits with the exception of portscans. Should I just use alert, or am I losing something by not using the "log" facility?
Taken from http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5:

Furthermore, there is a logging method and database type that must be defined. There are two logging types available, log and alert. Setting the type to log attaches the database logging functionality to the log facility within the program. If you set the type to log, the plugin will be called on the log output chain. Setting the type to alert attaches the plugin to the alert output chain within the program.

Please see the documentation & FAQ on http://www.snort.org. They are pretty well written & you should find answers to a lot of questions that you may have before posting to this list. It would also be a good idea to search the archives at: http://marc.theaimsgroup.com

HTH
--
/Saad
--
[bsdguy () docisland org] [pgp keyid: 35592A6D http://pgp.mit.edu]
# buy a geek-in-a-can, point nozzle at technical problem and spray
# if desperate degauss your screen. it might solve your pb as well
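An added example, not part of the original messages or of Snort itself: a small check that reads a snort.conf and reports every database that is attached to both the log and the alert output chain, the setup in which the question reports duplicate rows. The sample configuration is constructed, the function names are hypothetical, and treating a missing `host=` as `localhost` is an assumption of this sketch.

```python
import re
from collections import defaultdict

# Constructed sample snort.conf fragment (credentials are placeholders).
SAMPLE_CONF = """\
# preprocessors and rules omitted
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost
output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=localhost
output database: alert, mysql, user=snort password=CHANGEME dbname=audit host=10.0.0.5
"""

# output database: <log|alert>, <database type>, <key=value parameters>
LINE_RE = re.compile(r"^\s*output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*,?\s*(.*)$")

def parse_database_outputs(conf_text):
    """Return one dict per 'output database:' line: line number, facility, dbtype, params."""
    outputs = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # drop comments
        m = LINE_RE.match(line)
        if not m:
            continue
        facility, dbtype, rest = m.groups()
        params = dict(p.split("=", 1) for p in rest.split() if "=" in p)
        outputs.append({"line": lineno, "facility": facility.lower(),
                        "dbtype": dbtype.lower(), "params": params})
    return outputs

def double_logged_targets(outputs):
    """Targets (dbtype, host, dbname) that both the log and the alert chain write to."""
    facilities = defaultdict(set)
    for o in outputs:
        # Assumption of this sketch: a missing host= means localhost.
        target = (o["dbtype"], o["params"].get("host", "localhost"),
                  o["params"].get("dbname", ""))
        facilities[target].add(o["facility"])
    return sorted(t for t, f in facilities.items() if {"log", "alert"} <= f)

if __name__ == "__main__":
    for dbtype, host, dbname in double_logged_targets(parse_database_outputs(SAMPLE_CONF)):
        print(f"{dbtype} database '{dbname}' on {host} is attached to both output chains")
```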