Re: SnortCenter and multiple output plugins

[Erek Adams <erek () snort org>]

On Sat, 9 Aug 2003, Chris Dos wrote:

> I read the information.  However, it doesn't seem to work in practice.
> If I just have database logging Log and not Alert, I do not get any
> portscans detected listed in Acid.  This is an exerpt from the Acid FAQ:

[...snip...]

Log vs. Alert has been discussed forever on this list.  :)  The long and
short of it is this:

        Log:  Logs the packet and any other information to disk.
        Alert:  Builds an alert and passes it along with the packet data
to the Log facility.

So Log catches all Alerts as well.  Check the last line in the link that I
sent:

        What this means in practical terms is that if the db plugin
        is in alert mode, it will only receive output from alert rules,
        whereas if it's in "log" mode it will receive output from both log
        and alert rules.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


-------------------------------------------------------
This SF.Net email sponsored by: Free pre-built ASP.NET sites including
Data Reports, E-commerce, Portals, and Forums are available now.
Download today and enter to win an XBOX or Visual Studio .NET.
http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01/01
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users