[Snort-users] Output Plugins
eric at ...12407...
Thu Sep 9 13:02:14 EDT 2004
I am trying to set up my 1st snort box and was going through the
snort.conf. I am going to be using ACID with mysql. From the docs, it
says you can either use log or alert.
The example they include is:
output database: log, mysql, user=root password=test dbname=db
Is it better to use log vs. alert? Does that mean that mysql will only
capture data that triggers rules written with the log action event?
Also, is there a way to point all snort logging, period, to go to one
directory vs. being put into my messages directory?