Snort mailing list archives

Alerts or log files, which is better?


From: "John Creegan" <jcreegan () questarweb com>
Date: Fri, 10 Oct 2003 14:39:44 -0500

No one goes to jail over my statement of confidentiality that I *have*
to put up with.  I wish I could lose it for mailing lists, but I can't. 
To be nice, I don't put my signature out in an attempt to keep things as
short as I can.

I'm trying to determine whether to import unified log files or unified
alert files to the DB using barnyard.  I've been in the FAQ and the
archives, the three recommended books, etc... and I've come away with
the idea that logs are better if you want more complete info, alerts are
better if you don't want the alert detail.

Is that right?

Up next: the research into handling the log files with the current
date_time appended when automatically starting snort and barnyard.  Stay
tuned!


This message (including any attachments) contains confidential 
information intended for a specific individual and purpose, 
and is protected by law.  If you are not the intended recipient,
you should delete this message and are hereby notified that any 
disclosure, copying, or distribution of this message, or the taking 
of any action based on it, is strictly prohibited.


