[Snort-devel] Snort database logging while alerting to unixsock
erek at ...835...
Thu Jun 5 21:22:04 EDT 2003
On Mon, 2 Jun 2003, Chris Toombs wrote:
> Why does the snort command line option to alert using the Unix socket
> preclude the simultaneous logging to a database as configured through
> the conf file (constrained in parser.c, ParseOutputPlugIn)? I would
> like to do this, and can get both to run by changing parser.c, but I am
> wondering why it was coded like this to begin with? Any help would be
> greatly appreciated.
Command line options override config file settings. That allows for quick
checking of an option without editing your config file. You can quickly
test a feature w/o changing anything.
If that's a problem, just add both output methods to your config file
using the output plugin 'alert_unixsock' and whatever logging types you
"When things get weird, the weird turn pro." H.S. Thompson