Snort mailing list archives

Dual Alerts ?

From: David Markle <davidmarkle () comcast net>
Date: Sun, 13 Apr 2003 21:44:21 -0400

I would really like to have TWO working OUTPUT PLUGINS: (Databases and Syslog).  From what I have determined, two 
Syslog FACILITIES are used (auth.notice and daemon.notice).  The auth.notice (which is configurable in the snort.conf) 
is used for alerts and daemon.notice is used for snort start/stop etc.  

Both output plugins are important because I want Syslog to a remote host and the database output plug for ACID.  The 
problem is, I'm getting dual alerts in both ACID and Syslog and do not know why, (other than two output plug entries in 
the .conf file - duh).  Can't the output plugs fork the data independently ?  Is this a limitation of the product or my 
knowledge ??

Thanks in advance.

David Markle




-------------------------------------------------------
This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger 
for complex code. Debugging C/C++ programs can leave you feeling lost and 
disoriented. TotalView can help you find your way. Available on major UNIX 
and Linux platforms. Try it free. www.etnus.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

Best OS Ryan Finnesey (Apr 11)
- Re: Best OS Edin Dizdarevic (Apr 12)
  - Re: Best OS Jeff (Apr 12)
- Re: Best OS Mike Mentges (Apr 14)
- <Possible follow-ups>
- RE: Best OS Ryan Finnesey (Apr 12)
  - RE: Best OS Patrick S. Harper (Apr 12)
  - Dual Alerts ? David Markle (Apr 13)
- RE: Best OS SecurityAdmin (Apr 12)
  - Re: Best OS Bruno Benchimol a.k.a. Misty MSt (Apr 13)