[Snort-users] logging directory "/var/log/snort"
snort_sigs at ...125...
Sat May 1 15:56:04 EDT 2004
Thanks a lot Sgt_B!
That's what I thought. Makes great sense... Soon, I'll not be using a DB.
>From: sgt_b <sgt_b at ...11733...>
>To: Corey Rock <snort_sigs at ...125...>
>CC: Snort-users at lists.sourceforge.net
>Subject: Re: [Snort-users] logging directory "/var/log/snort"
>Date: Sat, 01 May 2004 17:52:02 -0500
>Sorry, forgot to mention this in my previous mail.
>Snort still needs a place to put the 'alert' file when you log to a
>database. The line in your snort.conf specifies the use of the "log" action
>in your output plugin. So it still needs to send the "alert" to its logging
>location (default /var/log/snort).
>You can set the action event in the output plugin to "alert" as well.
>Unfortunately, I don't regularly use snort to output to a db, so I can't
>tell you which action event is better, log or alert, or if you can use them
>at the same time. In my limited work with snort and databases, I've always
>used the log action event, and let the alert file get generated in
>At any rate, that's why snort is still asking for /var/log/snort when
>you're logging to a database.