Snort mailing list archives

Re: about log and alert


From: Joel Esler <jesler () sourcefire com>
Date: Fri, 11 Dec 2009 08:41:08 -0500

On 12/11/09 4:01 AM, Pradeep Lamabam wrote:
> Hello,
>
> I am using Snort with barnyard2 and logging the data with MySQL. In
> barnyard2.conf, in the line output database: log, mysql, user=root
> password=test dbname=db host=localhost, we have two options to log
> alerts (i.e. log or alert).
> What I want to know is the difference in using log or alert and how each
> affects the way alerts are logged in the database.



If you use Unified2, as specified on about page 101 of the Snort Users 
Manual (pdf form), you will see that you don't need to decide between 
the two, as Unified2 has the ability to log both in one file.

Joel
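
An added example, not part of the original message or of Snort or barnyard2: a minimal Python reader showing how one Unified2 file carries both the alert (event) records and the logged packets, tied together by event_id. It assumes the legacy IPv4 event (type 7) and packet (type 2) record layouts; the function names and the sample bytes, including SID 1000001, are constructed for illustration.

```python
import struct
from collections import defaultdict

# Unified2 record type codes
UNIFIED2_PACKET = 2       # logged packet data (the "log" side)
UNIFIED2_IDS_EVENT = 7    # legacy IPv4 event record (the "alert" side)

def records(buf):
    """Yield (type, body) per record; header is big-endian type + body length."""
    off = 0
    while off + 8 <= len(buf):
        rtype, rlen = struct.unpack_from(">II", buf, off)
        body = buf[off + 8: off + 8 + rlen]
        if len(body) < rlen:      # truncated tail, e.g. spool file still being written
            break
        yield rtype, body
        off += 8 + rlen

def correlate(buf):
    """Group event and packet records by event_id (second 32-bit field in both)."""
    events = defaultdict(lambda: {"alert": None, "packets": []})
    for rtype, body in records(buf):
        if rtype == UNIFIED2_IDS_EVENT and len(body) >= 28:
            _sensor, event_id, _sec, _usec, sid, gid, rev = struct.unpack_from(">7I", body)
            events[event_id]["alert"] = (gid, sid, rev)
        elif rtype == UNIFIED2_PACKET and len(body) >= 28:
            _sensor, event_id, _es, _ps, _pus, _link, plen = struct.unpack_from(">7I", body)
            events[event_id]["packets"].append(body[28:28 + plen])
    return dict(events)

def rec(rtype, body):
    return struct.pack(">II", rtype, len(body)) + body

# Constructed sample: one event, its packet, then a record header with no body.
PKT = b"\x00" * 14
EVENT = struct.pack(">11IHH4B", 0, 1, 1260538868, 0, 1000001, 1, 1, 0, 3,
                    0x0A000001, 0x0A000002, 1234, 80, 6, 0, 0, 0)
PACKET = struct.pack(">7I", 0, 1, 1260538868, 1260538868, 0, 1, len(PKT)) + PKT
SAMPLE = rec(UNIFIED2_IDS_EVENT, EVENT) + rec(UNIFIED2_PACKET, PACKET) \
    + struct.pack(">II", UNIFIED2_PACKET, 100)

if __name__ == "__main__":
    for event_id, data in correlate(SAMPLE).items():
        print(event_id, data["alert"], len(data["packets"]), "packet(s)")
```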
