[Snort-users] Snort Output plug in questions.
vjayl at ...3331...
Mon Sep 24 12:39:03 EDT 2001
Quick question about output plugins. I am currently using the following
in my rules file,
output alert_fast: /opt/snort/log/alert
output database: alert mysql, dbname=snort user=mysql host=localhost password=test123 sensor_name=production encoding=ascii detail=full
My snort command line looks like this,
/opt/snort/bin/snort -D -i qfe6 -c /opt/snort/conf/rules.conf -l /opt/snort/log -X -d
My question is this.
If I want to log everything to the DB, but I also want to just log the
the packet info) to the /opt/snort/log/alert file. This is not what is
happening currently. The full
packet is still being logged to disk in the /opt/snort/log/X.X.X.X
So if I leave off the -X -d on the command line will I be able to still
get the full packet in the DB,
and just the alerts to the alert file? Thanks!
V.Jay LaRosa EMC Corporation
Systems Administrator 171 South Street
(508)435-1000 ext 14957 Hopkinton, MA 01748
(508)497-8082 fax www.emc.com