[Snort-users] Output plugins -differences between logging methods?

Rockoff, Dan dan.rockoff at ...4682...
Fri Jan 25 08:40:04 EST 2002


I have successfully set up snort logging to a MySQL database, and it has
been running fine for over a month now with no problems.

I am curious, however, what the differences are between the "output database:
log" and "output database: alert" functions.

If I have both enabled, it looks like I get duplicate data for most hits
with the exception of portscans.

Should I just use alert, or am I losing something by not using the "log"
facility?

Thanks.