[Snort-users] logging directory "/var/log/snort"

Corey Rock snort_sigs at ...125...
Sat May 1 15:56:04 EDT 2004


Thanks a lot Sgt_B!

That's what I thought. Makes great sense... soon, I'll not be using a DB 
either!

Thanks again!

Corey


>From: sgt_b <sgt_b at ...11733...>
>To: Corey Rock <snort_sigs at ...125...>
>CC: Snort-users at lists.sourceforge.net
>Subject: Re: [Snort-users] logging directory "/var/log/snort"
>Date: Sat, 01 May 2004 17:52:02 -0500
>
>Corey,
>
>Sorry, forgot to mention this in my previous mail.
>
>Snort still needs a place to put the 'alert' file when you log to a 
>database. The line in your snort.conf specifies the use of the "log" action 
>in your output plugin. So it still needs to send the "alert" to its logging 
>location (default /var/log/snort).
>
>You can set the action event in the output plugin to "alert" as well. 
>Unfortunately, I don't regularly use snort to output to a db, so I can't 
>tell you which action event is better, log or alert, or if you can use them 
>at the same time. In my limited work with snort and databases, I've always 
>used the log action event, and let the alert file get generated in 
>/var/log/snort.
>
>At any rate, that's why snort is still asking for /var/log/snort when 
>you're logging to a database.
>
