Snort mailing list archives
Re: Spade ---What gives
From: Erek Adams <erek () theadamsfamily net>
Date: Wed, 13 Mar 2002 08:37:23 -0800 (PST)
On Wed, 13 Mar 2002 bthaler () webstream net wrote:
Something else I noticed: Even with my usual database output plugin enabled, Snort still creates the "alert" file.
Yep. That's normal.
I grep'd this for "spp_anomsensor", and viola! There's millions of Spade alerts in there. So evidently Spade was working properly, and it seems that Snort was just not writing the spp_anomsensor alerts to the database.
Nope. Not quite. http://acidlab.sourceforge.net/acid_faq.html#faq_b7 Oh, and that's a one drink penalty for the question and a one drink penalty for the answer. ;-) It's amazing what you can find in the FAQ's and docs, isn't it? ;-) Cheers! ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Spade ---What gives bthaler (Mar 12)
- Re: Spade ---What gives James Hoagland (Mar 12)
- Re: Spade ---What gives bthaler (Mar 13)
- Re: Spade ---What gives bthaler (Mar 13)
- Re: Spade ---What gives Erek Adams (Mar 13)
- Re: Spade ---What gives bthaler (Mar 13)
- Re: Spade ---What gives Erek Adams (Mar 13)
- Re: Spade ---What gives bthaler (Mar 13)
- Re: Spade ---What gives Erek Adams (Mar 13)
- Re: Spade ---What gives bthaler (Mar 13)
- Re: Alerts, Logs and DB's--Oh My! Erek Adams (Mar 13)
- Re: Spade ---What gives James Hoagland (Mar 12)