Snort mailing list archives

Re: Alert or log?

From: Erek Adams <erek () snort org>
Date: Fri, 14 Feb 2003 00:16:19 -0500 (EST)

On Fri, 14 Feb 2003 francisv () dagupan com wrote:

[...snip...]

log? What's the basic difference? Also, I learned that ACID's portscan graph
wouldn't work unless you're logging alerts and it also doesn't understand
the output from the portscan2 preprocessor.


For the definitive answer on "alert vs. log" have a look at this [0]
email.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.theadamsfamily.net/~erek/snort/logging_methods.txt


-------------------------------------------------------
This SF.NET email is sponsored by: FREE  SSL Guide from Thawte
are you planning your Web Server Security? Click here to get a FREE
Thawte SSL guide and find the answers to all your  SSL security issues.
http://ads.sourceforge.net/cgi-bin/redirect.pl?thaw0026en
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Alert or log? francisv (Feb 13)
- Re: Alert or log? Erek Adams (Feb 13)
- <Possible follow-ups>
- RE: Alert or log? francisv (Feb 13)
  - RE: Alert or log? Erek Adams (Feb 14)
  - Re: Alert or log? Bamm Visscher (Feb 14)
    - Re: Alert or log? Paul B. Poh (Feb 16)
- RE: Alert or log? francisv (Feb 14)
  - RE: Alert or log? Erek Adams (Feb 15)