[Snort-users] Snort output plug-in questions.

Vjay LaRosa vjayl at ...3331...
Mon Sep 24 12:39:03 EDT 2001


Hello,

Quick question about output plugins. I am currently using the following
in my rules file:

output alert_fast: /opt/snort/log/alert
output database: alert mysql, dbname=snort user=mysql host=localhost password=test123 sensor_name=production encoding=ascii detail=full

My snort command line looks like this:

/opt/snort/bin/snort -D -i qfe6 -c /opt/snort/conf/rules.conf -l /opt/snort/log -X -d

My question is this.

I want to log everything to the DB, but I also want to log just the
alert (not the packet info) to the /opt/snort/log/alert file. This is
not what is happening currently. The full packet is still being logged
to disk in the /opt/snort/log/X.X.X.X directories.

So if I leave off the -X -d on the command line, will I still be able to
get the full packet in the DB, and just the alerts to the alert file?
Thanks!

vjl



--
 V.Jay LaRosa                           EMC Corporation
 Systems Administrator                  171 South Street
 (508)435-1000 ext 14957                Hopkinton, MA 01748
 (508)497-8082 fax                      www.emc.com