Snort mailing list archives
Re: Hard choice: Preprocessor or Tagging
From: Chris Green <cmg () sourcefire com>
Date: Mon, 02 Sep 2002 10:35:36 -0400
Michael Boman <michael.boman () securecirt com> writes:
Hi all, Is there any particular reason why preprocessors only get into the 'alert' facility and never get passed on to the 'log' facility?
Which preprocessor? The only ones that only call alerts are things like portscans to my knowledge.
It seems like I have to make a choice: Either I choose to get the preprocessor alerts in MySQL or the rule tagging, but not both. Best regards Michael Boman
-- Chris Green <cmg () sourcefire com> You now have 14 minutes to reach minimum safe distance. ------------------------------------------------------- This sf.net email is sponsored by: OSDN - Tired of that same old cell phone? Get a new here for FREE! https://www.inphonic.com/r.asp?r=sourceforge1&refcode1=vs3390 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Hard choice: Preprocessor or Tagging Michael Boman (Aug 31)
- Re: Hard choice: Preprocessor or Tagging Chris Green (Sep 02)
- Re: Hard choice: Preprocessor or Tagging Michael Boman (Sep 02)
- Re: Hard choice: Preprocessor or Tagging Chris Green (Sep 02)
- Re: Hard choice: Preprocessor or Tagging Michael Boman (Sep 02)
- Re: Hard choice: Preprocessor or Tagging Chris Green (Sep 03)
- Re: Hard choice: Preprocessor or Tagging Michael Boman (Sep 02)
- Re: Hard choice: Preprocessor or Tagging Chris Green (Sep 02)