[Snort-users] Output database plugin.

Erek Adams erek at ...577...
Thu Mar 7 08:20:12 EST 2002


On Thu, 7 Mar 2002, Emilio José Mira Alfaro wrote:

[...snip...]
>
> 1) When the -A option is used to configure alert mode and the -b option to
> configure log mode, why does the -A option override the output database
> plugin when this plugin is configured with the log facility?
>
> output database: log, mysql, user=root password=test dbname=db
> host=localhost

Command line switches always override config file settings.

> 2) What difference is there between the log and alert facilities with the
> output database plugin? I use the log facility (the default in snort.conf)
> with a mysql database and it stores packets and alerts, while postgresql is
> configured by default with the alert facility.

See http://www.theadamsfamily.net/~erek/snort/logging_methods.txt

> 3) Rules with the alert action first generate an alert and then log the
> packet, and rules with the log action only log the packet, so why is it
> different in the output database plugin?

It's not.  The DB plugin hooks into the output routines, so when you use LOG
or ALERT it works exactly the same as not using the DB plugin.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
