Snort mailing list archives
Stupid question, as in I ought to know the answer to this.
From: Phil Wood <cpw () lanl gov>
Date: Tue, 25 Jun 2002 10:35:09 -0600
Here is what I want to do:

1. log alerts to binary file
2. log "redalerts" to syslog
3. DO NOT create an alert file (fast or full)

Here is what I did to get that to happen:

1. put the following in my config file:

       output log_tcpdump: /some/full/path/to/binarylogfile

       ruletype redalert
       {
         type log       <<<--- notice not alert
         output alert_syslog: LOG_LOCAL5 LOG_DEBUG LOG_PERROR
       }

2. start snort with the -A none option

This causes a WARNING:

    WARNING: command line overrides rules file alert plugin!

However, I get the desired result, namely no alert file (fast or full format), and syslogs for the few redalerts I want to know about instantly.

So, what could I do otherwise to get the desired result, and avoid the WARNING?

Thanks,
Phil