[Snort-users] output database - log vs. alert
ZZondlo at ...11597...
Mon Apr 12 14:36:12 EDT 2004
Hello all. Simple question here: what is the difference between choosing
log and alert in the output database section of snort.conf? I have a
sensor I need to minimize traffic from but would prefer to keep
relatively sensitive, i.e. not cut too many rules out, and was thinking
this might be a way.
output database: log, mysql, user....
output database: alert, mysql, user...
Also, how do I control how log files are written to /var/log/snort? I.e.
just one big alert file vs. multiple folders - one per IP address?