Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: alert and Log

From: Erek Adams <erek () snort org>
Date: Fri, 28 Feb 2003 00:08:18 -0500 (EST)
On Thu, 27 Feb 2003, Clayton Mascasrenhas wrote:


Could anyone please tell me why sometimes after running snort Alerts =
some number and log = some other number. e.g. alerts = 5442 and log =
7065. Shudnt they be the same?? Doesnt log mean the alerst that are
detected and logged??


No.  They are not the same.

Have a look at this post [0] from Marty.  It explains it quite well.

And it's amazing what you can find in the archives [1].  Quite often, it
can be a fount of knowledge....  ;-)

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

[0]     http://www.theadamsfamily.net/~erek/snort/logging_methods.txt
[1]     http://marc.theaimsgroup.com/?l=snort-users&r=1&w=2


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: