[Snort-devel] Snort database logging while alerting to unixsock

Erek Adams erek at ...835...
Thu Jun 5 21:22:04 EDT 2003


On Mon, 2 Jun 2003, Chris Toombs wrote:

> Why does the snort command line option to alert using the Unix socket
> preclude the simultaneous logging to a database as configured through
> the conf file (constrained in parser.c, ParseOutputPlugIn)?  I would
> like to do this, and can get both to run by changing parser.c, but I am
> wondering why it was coded like this to begin with?  Any help would be
> greatly appreciated.

Command line options override config file settings.  That allows for quick
checking of an option without editing your config file.  You can quickly
test a feature w/o changing anything.

If that's a problem, just add both output methods to your config file
using the output plugin 'alert_unixsock' and whatever logging types you
wish otherwise.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson



