Snort mailing list archives
Alerts or log files, which is better?
From: "John Creegan" <jcreegan () questarweb com>
Date: Fri, 10 Oct 2003 14:39:44 -0500
No one goes to jail over my statement of confidentiality that I *have* to put up with. I wish I could lose it for mailing lists, but I can't. To be nice, I don't put my signature out in an attempt to keep things as short as I can.

I'm trying to determine whether to import unified log files or unified alert files to the DB using barnyard. I've been in the FAQ and the archives, the three recommended books, etc... and I've come away with the idea that logs are better if you want more complete info, alerts are better if you don't want the alert detail. Is that right?

Up next: the research into handling the log files with the current date_time appended when automatically starting snort and barnyard. Stay tuned!

This message (including any attachments) contains confidential information intended for a specific individual and purpose, and is protected by law. If you are not the intended recipient, you should delete this message and are hereby notified that any disclosure, copying, or distribution of this message, or the taking of any action based on it, is strictly prohibited.