[Snort-users] what's the difference between alert_fast and alert_unified?

Patrick Harper patrick at ...4250...
Fri Oct 21 01:04:49 EDT 2005

We really need more info on what you are doing.  Are you logging to a DB?
are you using barnyard?  -A is the default, unified is usually used with
barnyard.  It all depends on your setup.

Patrick S. Harper | CISSP RHCT MCSE

Just because your paranoid, doesn't mean they're not out to get you 
-----Original Message-----
From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of zhaohui yin
Sent: Friday, October 21, 2005 12:50 AM
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] what's the difference between alert_fast and

Hi all:
    I am confused the snort option about alert_fast /alert_unified,
and want to known in which mode ,snort will run fastest.
   I run snort with -b -A fast option, any suggestion?

This SF.Net email is sponsored by:
Power Architecture Resource Center: Free content, downloads, discussions,
and more. http://solutions.newsforge.com/ibmarch.tmpl
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list