[Snort-users] Output Plugins

John_Delisle at ...1523...
Thu Mar 15 16:14:42 EST 2001


Hi everyone,

I have a problem that's driving me NUTS!!

Question --- What output plugin should I use to get the same results as "-A
full"??


My needs are as follows:

- Full logging, with packet captures for all rules in my conf file.  You
get this by running with -A full I think.
- Syslog alerts for some rules, but not all of them.

I think I can get this with my own ruletype definitions, one that logs just
like "-A full", and one that also sends a message to syslog.

Any ideas?

John Delisle
Corporate Technology
Ceridian Canada Ltd
204-975-5909