[Snort-users] odd output plugin behavior?
Kiira Triea
kiira-t at ...2241...
Tue Jun 19 14:49:23 EDT 2001
>
> On Tue, 19 Jun 2001, Kiira Triea wrote:
>
> > Maybe I'm missing something simple here but I want an output that will
> > write to a logfile so that my Logchecker can email cheery tales
> > of nefarious s'kddies but I also want my alerts going into my
> > postgresql DB.
>
> Yep. It's one of the "Should be in the FAQ" questions. :) Don't worry--it
> bit me too!
>
>
> > So I did this in snort.conf as per the example:
> >
> > ruletype redalert
> > {
> > type alert
> > output alert_syslog: LOG_LOCAL2
> > output database: alert, postgresql, user=user dbname=snort password=password
> > }
>
> [...snip...]
>
> Go into your local.rules and make sure you have something like:
>
> redalert tcp any any -> any any (msg:"REDRUM REDRUM"; content:"redalerttest";)
>
> Then just do a telnet and type 'redalerttest'. Presto, alerts to both.
>
> Hope this helps!
Yes, that did it fine... I misunderstood the actual use of defining
output plugins.
Thanks!
Kiira
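As an added example, not code from the thread, here is a small Python check for the exact pitfall discussed above: it parses the `ruletype` blocks out of a snort.conf and reports any custom ruletype whose output plugins can never fire because no rule in the rules file uses that ruletype as its action. The config and rules text are constructed samples modelled on the messages above.

```python
import re

# Constructed sample snort.conf fragment: the custom ruletype from the thread.
SNORT_CONF = """\
ruletype redalert
{
    type alert
    output alert_syslog: LOG_LOCAL2
    output database: alert, postgresql, user=user dbname=snort password=password
}
"""

# Constructed sample local.rules; only the first rule uses the custom ruletype.
LOCAL_RULES = """\
# local rules
redalert tcp any any -> any any (msg:"REDRUM REDRUM"; content:"redalerttest";)
alert tcp any any -> any 23 (msg:"telnet connect"; flags:S;)
"""

# 'ruletype <name>' followed by a { ... } body (brace may sit on the next line).
RULETYPE_RE = re.compile(r"^\s*ruletype\s+(\w+)\s*\{(.*?)\}", re.M | re.S)
# 'output <plugin>: ...' lines inside a ruletype body.
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)", re.M)


def declared_ruletypes(conf_text):
    """Map each custom ruletype name to the output plugins bound inside its block."""
    return {name: OUTPUT_RE.findall(body) for name, body in RULETYPE_RE.findall(conf_text)}


def rule_actions(rules_text):
    """Action keyword (first token) of every non-blank, non-comment rule line."""
    actions = set()
    for line in rules_text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            actions.add(line.split(None, 1)[0])
    return actions


def unused_ruletypes(conf_text, rules_text):
    """Custom ruletypes whose outputs never fire because no rule uses them as an action."""
    used = rule_actions(rules_text)
    return {name: outs for name, outs in declared_ruletypes(conf_text).items() if name not in used}


if __name__ == "__main__":
    unused = unused_ruletypes(SNORT_CONF, LOCAL_RULES)
    for name, outs in unused.items():
        print(f"ruletype '{name}' binds outputs {outs} but no rule uses it")
    if not unused:
        print("every custom ruletype is used by at least one rule")
```

Run it against a rules file that only uses `alert` and it flags `redalert` with both of its outputs, which is the symptom Kiira saw before adding a `redalert` rule.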