Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: 2 Questions

From: "Andrew R. Baker" <andrewb () snort org>
Date: Wed, 03 Jul 2002 09:56:53 -0400
Rajkumar S. wrote:


Next is a silly question, What is the difference between an alert plugin
and a log plugin? I have looked at the FAQ etc but could not find a
definitive answer to this fundamental question.
There are a few differences between them. First, both log and alert plugins will be called for alert rules, but only the log plugins will be called for log rules. Secondly, they differ in the intent of the plugin. Log plugins are intended to actually log the packet itself, while alert plugins are intended to only provide a few key pieces of information about the packet that triggered the alert. Also, some of the log plugins will not report any information about the signature that caused the packet to be logged. 

Hope that helps,

Andrew



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
No, I will not fix your computer.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: