[Snort-users] Output plugins -differences between logging methods?
dan.rockoff at ...4682...
Fri Jan 25 08:40:04 EST 2002
I have successfully set up Snort logging to a MySQL database, and it has
been running fine for over a month now with no problems.
I am curious, however, what the differences are between the "output database:
log" and "output database: alert" functions.
If I have both enabled, it looks like I get duplicate data for most hits
with the exception of portscans.
Should I just use alert, or am I losing something by not using the "log"