Snort mailing list archives

Multiple logging destinations


From: Steve Nold <Steve.Nold () lenderlive com>
Date: Mon, 30 Jul 2001 10:43:29 -0600

Forgive me if this has been asked before - I've searched through the
archives and couldn't find an answer...

I recently reconfigured Snort so that instead of doing full logging to a
directory, it's now logging into a MySQL database.  That works just fine.
However, I'd now like to have it log to a directory as well as the database.
In my snort.conf file, I've got an entry for the database that looks like
this:

output database: log, mysql, dbname=snort user=snort host=localhost

I've also got an entry to do full logging that looks like this:

output alert_full: /var/log/snortlogs/alert

The problem, however, is that even though it writes the 'alert' file, I
don't get any subdirectories based on IP address like I did before.  Is
there an additional option for the 'alert_full' directive that I'm missing?
I figured that if I turned on full logging, it would behave the same way it
was before I was logging to a database, but so far it doesn't.

Thanks,

Steve
