Re: Logging to snort log and mySQL - how to?

["Andrew R. Baker" <andrewb0x29a () yahoo com>]

If you have the database output plugin configured to use the "log"
facility instead of the "alert" facility then you will not be able to get
the "folders with IP addresses as names" logging output.  Your choices are
to configure the database output plugin to use the "alert" facility (not
sure exactly how this translates to the config) or beg somebody to create
an output plugin for the "folders with IP addresses as names" so you can
enable that in the config.

-A


--- John Hall <JohnH () snetworking com> wrote:
> We have been trying to get Snort 1.7 (the Windows port) to log both to
> mySQL
> and to c:\snort\logs with the latter having a subidrectory with the IP
> address of the "attacker" as the subdirectory name.
>
> We find that we seem to be able to have either one (mySQL) or the other
> (folders with IP addresses as names), but not both.
>
> Has anyone been able to get both to log?
>
> John Hall
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


__________________________________________________
Do You Yahoo!?
Make international calls for as low as $.04/minute with Yahoo! Messenger
http://phonecard.yahoo.com/

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users