[Snort-users] Spade ---What gives

Erek Adams erek at ...577...
Wed Mar 13 08:38:19 EST 2002


On Wed, 13 Mar 2002 bthaler at ...2720... wrote:

> Something else I noticed: Even with my usual database output plugin enabled,
> Snort still creates the "alert" file.

Yep.  That's normal.

> I grep'd this for "spp_anomsensor", and viola!  There's millions of Spade
> alerts in there.  So evidently Spade was working properly, and it seems that
> Snort was just not writing the spp_anomsensor alerts to the database.

Nope.  Not quite.

http://acidlab.sourceforge.net/acid_faq.html#faq_b7

Oh, and that's a one drink penalty for the question and a one drink penalty
for the answer.  ;-)

It's amazing what you can find in the FAQ's and docs, isn't it?  ;-)

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list