[Snort-users] AW: (Snort-users) ACID and portscan reporting

sandro.poppi at ...3316... sandro.poppi at ...3316...
Tue Oct 16 23:45:15 EDT 2001


>
> The FAQ says to change the output line in your snort.conf to:
>
> output database: alert, mysql, user=user dbname=snort host=localhost
>
> My question is, does this stop snort from logging to the log file and
> the database?  I like that I have it logging to both.  Sorry,
> I'm new to
> this.
>

Karen,

you can add additional output modules to log to syslog, e.g. I'm using a mysql
AND syslog alerting using the follwing lines in snort.conf:

output alert_syslog: LOG_AUTH LOG_ALERT LOG_PID
output database: alert, mysql, user=user password=xxxx dbname=snort
host=localhost sensor_name=ids01

Take a look at the snort manual shipped with snort 1.8.1 (or in the
documentation section of www.snort.org) to get more info about the ouput modules
and their options.

HTH,
Sandro





More information about the Snort-users mailing list