[Snort-users] about log and alert
jesler at ...1935...
Fri Dec 11 08:41:08 EST 2009
On 12/11/09 4:01 AM, Pradeep Lamabam wrote:
> i am using snort with barnyard2 and logging the data with mysql. in
> barnyard2.conf, in the line output database: log, mysql, user=root
> password=test dbname=db host=localhost, we have two options to log
> alerts ( ie log or alert).
> what i want to know is the difference in using log or alert and how each
> affects the way alerts are logged in the database.
If you use Unified2, as specified on about page 101 of the Snort Users
Manual (pdf form), you will see that you don't need to decide between
the two, as Unified2 has the ability to log both in one file.
More information about the Snort-users