[Snort-users] Dual Alerts ?

David Markle davidmarkle at ...5068...
Sun Apr 13 18:48:03 EDT 2003


I would really like to have TWO working OUTPUT PLUGINS: (Databases and Syslog).  From what I have determined, two Syslog FACILITIES are used (auth.notice and daemon.notice).  The auth.notice (which is configurable in the snort.conf) is used for alerts and daemon.notice is used for snort start/stop etc.  

Both output plugins are important because I want Syslog to a remote host and the database output plug for ACID.  The problem is, I'm getting dual alerts in both ACID and Syslog and do not know why, (other than two output plug entries in the .conf file - duh).  Can't the output plugs fork the data independently ?  Is this a limitation of the product or my knowledge ??

Thanks in advance.

David Markle






More information about the Snort-users mailing list