Snort mailing list archives
Re: logging directory "/var/log/snort"
From: "Corey Rock" <snort_sigs () hotmail com>
Date: Sat, 01 May 2004 22:54:55 +0000
Thanks a lot Sgt_B! That's what I thought. Makes great sense... soon, I'll not be using a DB either!

Thanks again!
Corey

From: sgt_b <sgt_b () security-forums com>
To: Corey Rock <snort_sigs () hotmail com>
CC: Snort-users () lists sourceforge net
Subject: Re: [Snort-users] logging directory "/var/log/snort"
Date: Sat, 01 May 2004 17:52:02 -0500

Corey,

Sorry, forgot to mention this in my previous mail.

Snort still needs a place to put the 'alert' file when you log to a database. The line in your snort.conf specifies the use of the "log" action in your output plugin. So it still needs to send the "alert" to its logging location (default /var/log/snort).

You can set the action event in the output plugin to "alert" as well. Unfortunately, I don't regularly use snort to output to a db, so I can't tell you which action event is better, log or alert, or if you can use them at the same time. In my limited work with snort and databases, I've always used the log action event, and let the alert file get generated in /var/log/snort.

At any rate, that's why snort is still asking for /var/log/snort when you're logging to a database.