[Snort-users] Output database plugin.

Emilio José Mira Alfaro emial at ...4389...
Thu Mar 7 04:53:04 EST 2002


Hi all.

I have some questions about the output database plugin:

1) If the -A option is used to configure alert mode and the -b option
log mode, why does the -A option override the output database plugin
when this plugin is configured with the log facility?

output database: log, mysql, user=root password=test dbname=db host=localhost

2) What difference is there between the log and alert facilities with
the output database plugin? I use the log facility (the default in
snort.conf) with a mysql database and it stores packets and alerts,
while postgresql is configured by default with the alert facility.

3) Rules with the alert action first generate an alert and then log the
packet, and rules with the log action only log the packet, so why is it
different in the output database plugin?

Thank you!!

--
Emilio Mira
e-mail: emial at ...4389...