Snort mailing list archives
Allow me to field a question
From: "Slighter, Tim" <tslighter () itc nrcs usda gov>
Date: Fri, 25 Apr 2003 12:49:26 -0600
With respect to either activate/dynamic and/or tag: let's say that I have specified "tag: host, 300, packets, src;" on many of the rules. Snort is running in such a manner that it is only sending output to the MySQL database, with no alert file. Under these circumstances, where are the 300 packet capture files going to end up, and is it possible to view these on the ACID console? My guess is that for each "tagged" session, a separate directory is created in /var/log/snort with a corresponding IP, and in each of those directories are the "tagged" sessions. If this is true, is this data available in the ACID console? And if not, is there a way to make it so?