[Snort-users] Spade ---What gives

bthaler at ...2720... bthaler at ...2720...
Wed Mar 13 09:33:03 EST 2002

Just to confirm, because neither FAQ is clear on this:
I can have both:
output database: alert, mysql, user=snort, dbname=snort_log host=localhost password=foo
output database: log, mysql, user=snort, dbname=snort_log host=localhost password=foo
at the same time, right?

I changed my "log" to "alert" and the number of alerts dropped from about 1000 per hour to about 200...
So I'm assuming that "alert" doesn't include "log".

Right now, I'm using both "alert" and "log".  Does it matter which is listed first in the snort.conf?

Thanks for all the help, BTW.


Brad T. 

----- Original Message ----- 
From: "Erek Adams" <erek at ...577...>
To: <bthaler at ...2720...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Wednesday, March 13, 2002 11:58 AM
Subject: Re: [Snort-users] Spade ---What gives

> On Wed, 13 Mar 2002 bthaler at ...2720... wrote:
> > Well, since I'm not using Acid, I would have no reason to look in the Acid
> > FAQ's, would I?
> Ahhh...  I didn't catch the original post that you sent over.  I just saw the
> 'spade alerts' and 'database', so I assumed ACID.  My bad.
> > Perhaps this should be included in the *Snort* FAQ.....oh wait, it already
> > is...doh! But to my own defense, this problem is listed as "Portscans are
> > not being logged to my database", so a layperson like myself wouldn't know
> > that this is the same problem.
> Layperson?  Naaaa...  That's only for people eating lots of Lays potato chips.
> ;-)
> Good point about adding/modifying the FAQ to note that the Spade stuff won't be
> logged as well.
> Cheers!
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net