[Snort-users] output database - log vs. alert

Zondlo, Zack ZZondlo at ...11597...
Mon Apr 12 14:36:12 EDT 2004


Hello all. Simple question here: what is the difference between choosing
log and alert in the output database section of snort.conf? I have a
sensor I need to minimize traffic from but would prefer to keep
relatively sensitive, i.e. not cut too many rules out, and was thinking
this might be a way.

Example:

Output database: log, mysql, user....

Output database: alert, mysql, user...

Also, how do I control how log files are written to /var/log/snort? i.e.
just one big alert file vs. multiple folders, one per IP address.