[Snort-users] Output Plugins

Jose Maria Lopez jkerouac at ...12346...
Fri Sep 10 09:56:07 EDT 2004

On Thu, 09-09-2004 at 22:01, Eric Kahklen wrote:
> I am trying to set up my 1st snort box and was going through the 
> snort.conf.  I am going to be using ACID with mysql.   From the docs, it 
> says you can either use log or alert.
> The example they include is:
>  output database: log, mysql, user=root password=test dbname=db host=localhost
> Is it better to use log vs. alert? Does that mean that mysql will only 
> capture data that triggers rules written with the log action event?

I've always used log, and it logs all the rules with the alert action.

> Also, is there a way to point all snort logging period to go to one 
> directory vs. being put into my messages directory?
> Thanks,
> Eric
Jose Maria Lopez Hernandez
Technical Director, bgSEC
jkerouac at ...12346...
bgSEC Seguridad y Consultoria de Sistemas Informaticos

The only people for me are the mad ones -- the ones who are mad to live,
mad to talk, mad to be saved, desirous of everything at the same time,
the ones who never yawn or say a commonplace thing, but burn, burn, burn
like fabulous yellow Roman candles.
                -- Jack Kerouac, "On the Road"
