Snort mailing list archives
AW: snort logging, maybe newbie and stupid
From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 28 Aug 2002 10:56:18 +0200
Hi Federico
> And these for logging:
>
> ruletype redalert
> {
>   type alert
>   output database: log, mysql, user=snort dbname=snort_alert host=192.168.0.2 password=***** sensor_name=name detail=full
> }
>
> ruletype archive
> {
>   type log
>   output database: log, mysql, user=snort dbname=snort_log host=192.168.0.2 password=***** sensor_name=name detail=full
> }
>
> Ok, all work correctly, all alerts are logged into the db.....
> My question is... WHY some alerts... such as stream4 frag2 and other preprocessor are logged into a normal file (/var/log/snort/alerts) instead of db?
> Is my configuration error or are only loggable into file??
change output database: log, ... to output database: alert, ... and all should be fine.

HTH,
Sandro