[Snort-users] Spade ---What gives
erek at ...577...
Wed Mar 13 08:38:19 EST 2002
On Wed, 13 Mar 2002 bthaler at ...2720... wrote:
> Something else I noticed: Even with my usual database output plugin enabled,
> Snort still creates the "alert" file.
Yep. That's normal.
> I grep'd this for "spp_anomsensor", and viola! There's millions of Spade
> alerts in there. So evidently Spade was working properly, and it seems that
> Snort was just not writing the spp_anomsensor alerts to the database.
Nope. Not quite.
Oh, and that's a one drink penalty for the question and a one drink penalty
for the answer. ;-)
It's amazing what you can find in the FAQ's and docs, isn't it? ;-)
More information about the Snort-users