Snort mailing list archives

Re: Question about Snort/ACID/MySQL and how they play together


From: Erek Adams <erek () snort org>
Date: Thu, 24 Apr 2003 07:31:44 -0400 (EDT)

On Wed, 23 Apr 2003, Snow Jacob C KPWA wrote:

output database: log, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1

output database: alert, mysql, user=snort1 password=test_snort dbname=snort host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1



in the snort.conf file will you get alerts in the log file as well?

[...snip...]

Logging vs. Alerting [0].

Short answer:  It's useless to have both lines.  Just change it to 'log',
and the db output plugin gets all logged and alerted rules.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]     http://www.theadamsfamily.net/~erek/snort/logging_methods.txt
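
The redundancy described in the reply above, as an added example that is not part of the original message or of Snort itself: a Python check that reads snort.conf text and reports any database target that has both a `log` and an `alert` `output database` directive. The sample configuration, the host name `db.example.invalid` and the function names are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed snort.conf excerpt modelled on the directives quoted above;
# the host name is a placeholder, not a value from the original message.
SAMPLE_CONF = """\
# output plugins (constructed sample)
output database: log, mysql, user=snort1 password=test_snort dbname=snort host=db.example.invalid port=3306 sensor_name=slave1
output database: alert, mysql, user=snort1 password=test_snort dbname=snort host=db.example.invalid port=3306 sensor_name=slave1
output database: alert, mysql, user=snort1 dbname=other host=db.example.invalid sensor_name=slave2
output alert_syslog: LOG_AUTH LOG_ALERT
"""

# output database: <log|alert>, <db type>, <space-separated key=value list>
DIRECTIVE = re.compile(
    r"^\s*output\s+database\s*:\s*(log|alert)\s*,\s*(\w+)\s*,\s*(.*)$", re.I)

def parse_outputs(conf_text):
    """Yield (line number, facility, target) per 'output database' line."""
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = DIRECTIVE.match(line)
        if not m:
            continue  # comments and other output plugins are ignored
        facility, db_type, rest = m.groups()
        params = dict(kv.split("=", 1) for kv in rest.split() if "=" in kv)
        # Two directives write to the same place when these fields agree.
        target = (db_type.lower(), params.get("host", ""),
                  params.get("port", ""), params.get("dbname", ""),
                  params.get("sensor_name", ""))
        yield lineno, facility.lower(), target

def find_redundant(conf_text):
    """Return targets that have both a log and an alert directive."""
    seen = defaultdict(dict)
    for lineno, facility, target in parse_outputs(conf_text):
        seen[target].setdefault(facility, lineno)
    return [{"target": t, "log_line": f["log"], "alert_line": f["alert"]}
            for t, f in seen.items() if {"log", "alert"} <= f.keys()]

if __name__ == "__main__":
    for hit in find_redundant(SAMPLE_CONF):
        print("line %d: alert directive duplicates the log directive on "
              "line %d; keep only 'log'" % (hit["alert_line"], hit["log_line"]))
```
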

