[Snort-users] Snort 1.9, RH 7.3 and Acid

Erek Adams erek at ...577...
Mon Oct 7 10:16:05 EDT 2002

On Mon, 7 Oct 2002, Slighter, Tim wrote:

> did you check the snort.conf file to ensure that on the output line it is
> using "alert" instead of "log" ?  Also, you may have to start snort with the
> -o option to change the order for snort output.

The '-o' parameter has nothing to do with the DB.  You could add it, remove it
and all data would still go into the DB.

Changing it from 'alert' to 'log' has nothing to do with the rules; it only
has to do with the output facility.  Marty gives a nice breakdown of it in an
old message[0] to the list.

Josh, take a look at the ACID Install doc.  There's a section on 'How to
verify MySQL logging' that might be of some use.


Erek Adams

[0]	http://www.theadamsfamily.net/~erek/snort/logging_methods.txt
[1]	http://acidlab.sourceforge.net/acid_config.html
