[Snort-users] Snort 2.0 + MySQL + SMBalerts question

L. Christopher Luther CLuther at ...6333...
Wed May 14 08:23:02 EDT 2003


Dirk,  

The Snort command line options for alerting or logging override *all* output
plugins specified in snort.conf [0].  If you want to use SMB alerts, then
use the SMB alert plugin and not the command line option [1].


HTH, 

- Christopher 

[0] http://www.snort.org/docs/writing_rules/chap1.html#tth_sEc1.4.1 
[1] http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.4


-----Original Message-----
From: Dirk Stubbs [mailto:snakeman at ...9175...]
Sent: Wednesday, May 14, 2003 6:28 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort 2.0 + MySQL + SMBalerts question


I am running Snort  monitoring two sensors. To do this I had to run 2
instances of snort. No big deal. However I would like to send samba alerts
to  designated workstations aswell. When I start snort with the -M switch
and hosts filename, it won't log to my MySQL db. Can you only log to
database or send samba alerts? Would I have to run another instance of snort
just for the smbalerts?

Thanks
Dirk



-------------------------------------------------------
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
www.enterpriselinuxforum.com

_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list