[Snort-users] Alert log file

gandalf gandalf at ...10626...
Mon Nov 24 07:17:05 EST 2003

Hi all

Being rather new to this software, I have a beginners

Running snort in NIDS mode, the 'alert' log file grows huge
quite fast. It seems to me the most 'critical' and
interesting messages are the ones classified as 'Priority
Is there an easy way to log only 'Priority 1' messages, i.e.
to filter out classes of lower priority?

Of course, I could write a script to post-process the log
file, but I want to avoid the alert file growing so big,
possibly increasing performance at the same time.

Thanks in advance
