[Snort-users] Barnyard alert_fast and log_dump question ...
wintrmte at ...11827...
Mon Oct 4 16:04:56 EDT 2004
Sorry for the X-Post, but the barnyard-users list appears to be either
dead, or incredibly inactive..
Anyhow, I am hoping that someone here knows the answer to my question..
I am trying to log both the alert_fast and log_dump information. The
problem I am running into is this...
If I use the -f option (base file name) and specify the alert unified
file, then it logs the alert_fast information to both syslog and plain
text file (exactly as I want). What I don't get is any of the packet
dump information being logged to the database, or the packet.dump file
(which makes sense, because the alert unified file contains just
that: alert fast info).
Now, if I tell -f to use the log unified file, then I get exactly the
opposite.. Nothing gets logged to Syslog, or the alert.fast plain
text file. I do get my packet.dump plain text file as well as full
packet information into the database. Ideally, I could live with this
scenario if it would just log the alert fast information to Syslog....
My question here is, how do I get both?