Snort mailing list archives
Re: about log and alert
From: Joel Esler <jesler () sourcefire com>
Date: Fri, 11 Dec 2009 08:41:08 -0500
On 12/11/09 4:01 AM, Pradeep Lamabam wrote:
> Hello, I am using Snort with Barnyard2 and logging the data with MySQL. In barnyard2.conf, in the line output database: log, mysql, user=root password=test dbname=db host=localhost, we have two options to log alerts (i.e. log or alert). What I want to know is the difference in using log or alert and how each affects the way alerts are logged in the database.
If you use Unified2, as specified on about page 101 of the Snort Users Manual (pdf form), you will see that you don't need to decide between the two, as Unified2 has the ability to log both in one file.
Joel
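Added example, not part of the original thread and not Snort or Barnyard2 code: a Python reader that walks the record headers of a Unified2 buffer and counts event (alert) records and packet (log) records, showing how one file can carry both. It assumes the Unified2 framing of an 8-byte big-endian header (record type, payload length) and the record type codes listed in the comments; the sample bytes are constructed, with zero-filled record bodies.

```python
import struct
from collections import Counter

# Unified2 record type codes (subset), assumed from Snort's Unified2 format.
EVENT_TYPES = {7: "event_v1_ipv4", 72: "event_v1_ipv6",
               104: "event_v2_ipv4", 105: "event_v2_ipv6"}
PACKET_TYPE = 2
HEADER = struct.Struct(">II")  # record type, payload length (network byte order)


def walk_records(data):
    """Yield (type, payload) per record; stop cleanly on a truncated tail."""
    offset = 0
    while offset + HEADER.size <= len(data):
        rtype, length = HEADER.unpack_from(data, offset)
        start = offset + HEADER.size
        end = start + length
        if end > len(data):  # the sensor may still be writing the last record
            break
        yield rtype, data[start:end]
        offset = end


def summarize(data):
    """Count alert (event) and log (packet) records found in one buffer."""
    counts = Counter()
    for rtype, _payload in walk_records(data):
        if rtype in EVENT_TYPES:
            counts["event"] += 1
        elif rtype == PACKET_TYPE:
            counts["packet"] += 1
        else:
            counts["other"] += 1
    return dict(counts)


def _record(rtype, payload):
    """Frame a payload with a Unified2-style header (used for the sample only)."""
    return HEADER.pack(rtype, len(payload)) + payload


# Constructed sample: an event, its packet, a second event, then a record
# whose header promises 100 bytes but only 10 are present (truncated write).
SAMPLE = (_record(7, b"\x00" * 52) + _record(2, b"\x00" * 60)
          + _record(104, b"\x00" * 60) + HEADER.pack(2, 100) + b"\x00" * 10)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```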