AW: [Snort-users] snort logging, maybe newbie and stupid

Poppi, Sandro Sandro.Poppi at ...3316...
Wed Aug 28 02:03:02 EDT 2002


Hi Federico
> 
> And these for logging:
> 
> ruletype redalert
> {
> type alert
> output database: log, mysql, user=snort dbname=snort_alert host=192.168.0.2 password=***** sensor_name=name detail=full
> }
> ruletype archive
> {
> type log
> output database: log, mysql, user=snort dbname=snort_log host=192.168.0.2 password=***** sensor_name=name detail=full
> }
> 
> 
> Ok, all works correctly, all alerts are logged into the db.....
> My question is... WHY are some alerts... such as stream4, frag2 and other
> preprocessors logged into a normal file (/var/log/snort/alerts) instead
> of the db?
> Is it my configuration error, or are they only loggable into a file??

Change output database: log, ... to output database: alert, ... and all
should be fine.

HTH,
Sandro



