[Snort-users] Alert vs. Log?

Erek Adams erek at ...577...
Mon Mar 4 15:16:14 EST 2002

On Mon, 4 Mar 2002, Nels Lindquist wrote:

> Okay, I'm confused.

That's OK.  I'm fusedcon.

> What exactly is the difference between "log" and "alert?"  I'm using
> snort 1.8.3 with the following output configuration in
> /etc/snort/snort.conf:

See:  http://www.theadamsfamily.net/~erek/snort/logging_methods.txt
> Now, I was under the impression that logging to a database was the
> desired behaviour, and that doing so would override the default
> logging to syslog, text file etc.  However, alerts are still being
> recorded in /var/log/snort/alert in plain ASCII.  I don't want 'em
> there; I'm using ACID to look at the alerts which are logged in the
> MySQL database.
Quick-n-Dirty answer:  symlink /var/log/snort -> /dev/null

Longer answer:  Lemme peek at the source.  :)

Hope that helps some!
Erek Adams