[Snort-users] Alert vs. Log?
erek at ...577...
Mon Mar 4 15:16:14 EST 2002
On Mon, 4 Mar 2002, Nels Lindquist wrote:
> Okay, I'm confused.
That's Ok. I'm fusedcon.
> What exactly is the difference between "log" and "alert?" I'm using
> snort 1.8.3 with the following output configuration in
> Now, I was under the impression that logging to a database was the
> desired behaviour, and that doing so would override the default
> logging to syslog, text file etc. However, alerts are still being
> recorded in /var/log/snort/alert in plain ASCII. I don't want 'em
> there; I'm using ACID to look at the alerts which are logged in the
> MySQL database.
Quick-n-Dirty answer: symlink /var/log/snort -> /dev/null
Longer answer: Lemme peek at the source. :)
Hope that helps some!