[Snort-users] Question about Snort/ACID/MySQL and how they play together

Erek Adams erek at ...950...
Thu Apr 24 04:34:06 EDT 2003


On Wed, 23 Apr 2003, Snow Jacob C KPWA wrote:

> output database: log, mysql, user=snort1 password=test_snort dbname=snort
> host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1
>
> output database: alert, mysql, user=snort1 password=test_snort dbname=snort
> host=xxx.xxx.xxx.xxx port=3306 sensor_name=slave1
>
> in the snort.conf file will you get alerts in the log file as well?

[...snip...]

Logging vs. Alerting [0].

Short answer:  It's useless to have both lines.  Just change it to 'log',
and the db output plugin gets all logged and alerted rules.

Cheers!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson


[0]	http://www.theadamsfamily.net/~erek/snort/logging_methods.txt



