[Snort-users] Logging to /var/log/snort/alert AND mysql?

Chris Ling ling at ...2002...
Wed May 9 16:52:00 EDT 2001


Hi, just looked over the FAQ & didn't see anything there.

With snort, I am running Guardian and another small script that mails me every
5 minutes if /var/log/snort/alert changes.  I've been reading about ACID for
the last few weeks, and finally made the effort to install apache, mysql, php
and ACID.

Running like a charm, with:

output database: alert, mysql, user=www dbname=snort host=localhost

-BUT-

I never used to bother with an output plugin before, so of course, my output
went to /var/log/snort/alert (Linux 2.2.14).  How can I still have that output
AND log to mysql/ACID?

commandline:

/usr/local/bin/snort -de -D -i eth0 -c /etc/snort/snort.conf


:\        Chris Ling - Systems Analyst / Programmer       /:
:|  Components Division, CARIS / Fredericton, NB, Canada  |:
:|    ling at ...2002... | phone: (506)462-4212   |:
:/  Mind over matter; if you don't mind, it don't matter. \:






