[Snort-users] Output Plugins

Eric Kahklen eric at ...12407...
Thu Sep 9 13:02:14 EDT 2004

I am trying to setup my 1st snort box and was going through the 
snort.conf.  I am going to be using ACID with mysql.   From the docs, it 
says you can either use log or alert.

The example they include is:

 output database: log, mysql, user=root password=test dbname=db 

Is it better to use log vs. alert? Does that mean that mysql will only 
capture data that triggers rules written with the log action event?

Also, is there a way to point all snort logging period to go to one 
directory vs. being put into my messages directory?




Seattle, WA

More information about the Snort-users mailing list