Snort mailing list archives
Dual Alerts ?
From: David Markle <davidmarkle () comcast net>
Date: Sun, 13 Apr 2003 21:44:21 -0400
I would really like to have TWO working OUTPUT PLUGINS: (Databases and Syslog). From what I have determined, two Syslog FACILITIES are used (auth.notice and daemon.notice). The auth.notice (which is configurable in the snort.conf) is used for alerts and daemon.notice is used for snort start/stop etc. Both output plugins are important because I want Syslog to a remote host and the database output plug for ACID.

The problem is, I'm getting dual alerts in both ACID and Syslog and do not know why (other than two output plug entries in the .conf file - duh). Can't the output plugs fork the data independently? Is this a limitation of the product or my knowledge??

Thanks in advance.

David Markle