[Snort-users] 2 Questions

Andrew R. Baker andrewb at ...950...
Wed Jul 3 06:58:02 EDT 2002


Rajkumar S. wrote:
> 
> Next is a silly question: what is the difference between an alert plugin
> and a log plugin? I have looked at the FAQ etc. but could not find a
> definitive answer to this fundamental question.


There are a few differences between them.  First, both log and alert 
plugins will be called for alert rules, but only the log plugins will be 
called for log rules.  Secondly, they differ in the intent of the 
plugin.  Log plugins are intended to actually log the packet itself, 
while alert plugins are intended to only provide a few key pieces of 
information about the packet that triggered the alert.  Also, some of 
the log plugins will not report any information about the signature that 
caused the packet to be logged.

Hope that helps,

Andrew
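
The dispatch described in the reply above, shown as a snort.conf fragment. This is an added example, not part of the original post or of the Snort distribution; the file names, rule messages and sid values are constructed for illustration.

```conf
# --- output plugins -------------------------------------------------
# Alert plugin: writes a one-line summary (timestamp, rule message,
# addresses and ports) for each packet that fires an alert rule.
output alert_fast: alert.fast

# Log plugin: writes the packet itself to a pcap file. The pcap format
# has no field for the rule message or sid, so this is one of the log
# plugins that records nothing about the signature that matched.
output log_tcpdump: snort.log

# --- rules (constructed) --------------------------------------------
# "alert" rule: both plugin types are called.
#   alert_fast  -> summary line in alert.fast
#   log_tcpdump -> packet appended to snort.log
alert tcp any any -> any 23 (msg:"EXAMPLE inbound telnet SYN"; flags:S; sid:1000001; rev:1;)

# "log" rule: only log plugins are called.
#   alert_fast  -> not called, nothing written to alert.fast
#   log_tcpdump -> packet appended to snort.log
log tcp any any -> any 21 (msg:"EXAMPLE inbound ftp SYN"; flags:S; sid:1000002; rev:1;)
```

With this configuration the pcap file alone does not say which rule captured a packet, so the telnet packets have to be correlated with alert.fast by timestamp and addresses, while the ftp packets have no matching alert entry at all.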




