Snort mailing list archives

AW: snort logging, maybe newbie and stupid


From: "Poppi, Sandro" <Sandro.Poppi () wacker com>
Date: Wed, 28 Aug 2002 10:56:18 +0200

Hi Federico

And these for logging:

ruletype redalert
{
type alert
output database: log, mysql, user=snort dbname=snort_alert host=192.168.0.2 password=***** sensor_name=name detail=full
}
ruletype archive
{
type log
output database: log, mysql, user=snort dbname=snort_log host=192.168.0.2 password=***** sensor_name=name detail=full
}


Ok, all works correctly, all alerts are logged into the db.....
My question is... WHY are some alerts... such as stream4, frag2 and other
preprocessors logged into a normal file (/var/log/snort/alerts) instead
of the db?
Is it my configuration error or are they only loggable into a file??

Change "output database: log, ..." to "output database: alert, ..." and all
should be fine.

HTH,
Sandro

