[Snort-users] Hard choice: Preprocessor or Tagging

Chris Green cmg at ...1935...
Mon Sep 2 07:40:24 EDT 2002


Michael Boman <michael.boman at ...4162...> writes:

> Hi all,
>
> Is there any particular reason why preprocessors only get into the 'alert' 
> facility and never get passed on to the 'log' facility?

Which preprocessor?  The only ones that only call alerts are things
like portscans to my knowledge.
>
> It seems like I have to make a choice: Either I choose to get the preprocessor 
> alerts in MySQL or the rule tagging, but not both.
>
> Best regards
>  Michael Boman

-- 
Chris Green <cmg at ...1935...>
You now have 14 minutes to reach minimum safe distance.




More information about the Snort-users mailing list