Snort mailing list archives

RE: Snort 1.9, RH 7.3 and Acid

From: Erek Adams <erek () theadamsfamily net>
Date: Mon, 7 Oct 2002 10:15:15 -0700 (PDT)

On Mon, 7 Oct 2002, Slighter, Tim wrote:

did you check the snort.conf file to ensure that on the output line it is
using "alert" instead of "log" ?  Also, you may have to start snort with the
-o option to change the order for snort output.


The '-o' parameter has nothing to do with the DB.  You could add it, remove it
and all data would still go into the DB.

Changing it from 'alert' to 'log' has nothing to do with the rules, it only
has to do with the output facility.  Marty gives a nice breakdown of it in a
old message[0] to the list.

Josh, take a look at the ACID Install doc.  There's a section on 'How to
verify MySQL logging' that might be of some use.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


[0]     http://www.theadamsfamily.net/~erek/snort/logging_methods.txt
[1]     http://acidlab.sourceforge.net/acid_config.html




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 04)
- Re: Snort 1.9, RH 7.3 and Acid Addam Schroll (Oct 04)
- <Possible follow-ups>
- RE: Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 04)
- RE: Snort 1.9, RH 7.3 and Acid Slighter, Tim (Oct 07)
  - RE: Snort 1.9, RH 7.3 and Acid Erek Adams (Oct 07)
- RE: Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 07)
- RE: Snort 1.9, RH 7.3 and Acid Kevin Brown (Oct 07)
- RE: Snort 1.9, RH 7.3 and Acid Beckett, Josh (Oct 08)
  - RE: Snort 1.9, RH 7.3 and Acid Erek Adams (Oct 08)