[Snort-users] Output database plugin.
erek at ...577...
Thu Mar 7 08:20:12 EST 2002
On Thu, 7 Mar 2002, Emilio José Mira Alfaro wrote:
> 1) Whether -A option is used to configure alert mode and -b option to
> log mode, why does the -A option override the output database plugin when this
> plugin is configured with the log facility?:
> output database: log, mysql, user=root password=test dbname=db
Command line switches always override config file settings.
> 2) What difference is there between the log and alert facilities with the output
> database plugin? I use the log facility (by default in snort.conf) with
> mysql database and it stores packets and alerts, while postgresql is
> configured by default with the alert facility.
> 3) Rules with alert action first generate an alert and then log the
> packet, and rules with log action only log the packet, so why is it
> different in the output database plugin?
It's not. The DB plugin hooks into the output routines, so when you use LOG
or ALERT it works exactly the same as not using the DB plugin.
Hope that helps!