[Snort-users] Question about alerts and Windows environment

L. Christopher Luther CLuther at ...6333...
Tue Jan 7 11:45:07 EST 2003


Mark,  

Are you using an alert output plugin in the snort.conf file?  If so, then
yes, '-E' will disable this alert output.  

Instead, specify an alert output via the command line (e.g., '-A fast', '-A
full', etc.) or, as I just found out (the hard way), the 'output
alert_syslog ...' plug-in under Win32 (at least for Snort 1.8.6) sends its
output to the Application Event log.  You could always try this and drop the
'-E' command line parameter.  

Christopher 


-----Original Message-----
Date: Mon,  6 Jan 2003 09:34:37 -0600
From: "Mark  Scott" <Mark.Scott at ...655...>
Reply-To: <Mark.Scott at ...655...>
To: <snort-users at ...314...>
Subject: [Snort-users] Question about alerts and Windows environment

Hi,

I am testing Snort on Windows XP and would like to be able to log alerts to
the alerts file in my log directory and also in my Windows event log. Is it
possible to do this? I am using the snort command line '-E' which sends it
to the event log, but it stops loggin to the alert file.

Thanks for any insight,

Mark 