[Snort-users] Snortdb: Logging both to MySQL and local disk?
ksl at ...371...
Thu Sep 7 13:04:42 EDT 2000
Is there a way of both logging to a remote MySQL db and still getting that nice
directory tree (usually in /var/log/snort/) divided into IP-dirs with
I have tried multiple output entries in rules.base, like:
output alert_syslog: LOG_AUTH LOG_ALERT
output log_database: mysql, user=someuser password=xxxxx dbname=snort_IDS
output alerts_full: /var/log/snort/ (also tried with
output log_tcpdump: /var/log/snort/snort.log (snort died with this one -
need some inc and libs in configure like MySQL??)
All alerts go into the MySQL db and portscans get logged in
/var/log/snort/portscan.log, but the packet payload seems to be lost.
Thanks in advance,