[Snort-users] about log and alert

Joel Esler jesler at ...1935...
Fri Dec 11 08:41:08 EST 2009


On 12/11/09 4:01 AM, Pradeep Lamabam wrote:
> Hello
>
> I am using Snort with barnyard2 and logging the data with MySQL. In
> barnyard2.conf, in the line output database: log, mysql, user=root
> password=test dbname=db host=localhost, we have two options to log
> alerts (i.e. log or alert).
> What I want to know is the difference in using log or alert and how each
> affects the way alerts are logged in the database.
>


If you use Unified2, as specified on about page 101 of the Snort Users
Manual (PDF form), you will see that you don't need to decide between
the two, as Unified2 has the ability to log both in one file.

Joel
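
Added example (not part of the original message and not Snort or barnyard2 code): a minimal Python reader showing that a single Unified2 file carries both event ("alert") records and packet ("log") records, paired by event_id. The record type values and field layouts follow the Unified2 format; the function names and the sample bytes are constructed for illustration.

```python
import struct
from collections import Counter

# Unified2 record types; every integer field is in network byte order.
UNIFIED2_PACKET = 2       # packet ("log") record: captured packet bytes
UNIFIED2_IDS_EVENT = 7    # event ("alert") record: IPv4 event metadata

RECORD_HDR = struct.Struct(">II")     # record type, body length
EVENT_FIXED = struct.Struct(">9I")    # sensor_id, event_id, ... priority_id
PACKET_FIXED = struct.Struct(">7I")   # sensor_id, event_id, ... packet_length

def iter_records(buf):
    """Yield (type, body) per record; stop cleanly at a truncated tail."""
    off = 0
    while off + RECORD_HDR.size <= len(buf):
        rtype, length = RECORD_HDR.unpack_from(buf, off)
        start = off + RECORD_HDR.size
        body = buf[start:start + length]
        if len(body) < length:        # record still being written by the sensor
            break
        yield rtype, body
        off = start + length

def summarize(buf):
    """Return (counts per record type, {event_id: {"sid", "packets"}})."""
    counts, events = Counter(), {}
    for rtype, body in iter_records(buf):
        counts[rtype] += 1
        if rtype == UNIFIED2_IDS_EVENT and len(body) >= EVENT_FIXED.size:
            f = EVENT_FIXED.unpack_from(body)   # f[1]=event_id, f[4]=signature_id
            events.setdefault(f[1], {"sid": None, "packets": 0})["sid"] = f[4]
        elif rtype == UNIFIED2_PACKET and len(body) >= PACKET_FIXED.size:
            f = PACKET_FIXED.unpack_from(body)  # f[1]=event_id
            events.setdefault(f[1], {"sid": None, "packets": 0})["packets"] += 1
    return counts, events

def _record(rtype, body):
    return RECORD_HDR.pack(rtype, len(body)) + body

# Constructed sample: one event (event_id 1, sid 1000001), its packet record,
# and a truncated trailing record as seen in a file that is still growing.
_event = EVENT_FIXED.pack(0, 1, 1260538868, 0, 1000001, 1, 1, 0, 2) + bytes(16)
_packet = PACKET_FIXED.pack(0, 1, 1260538868, 1260538868, 0, 1, 14) + bytes(14)
SAMPLE = (_record(UNIFIED2_IDS_EVENT, _event) + _record(UNIFIED2_PACKET, _packet)
          + RECORD_HDR.pack(UNIFIED2_IDS_EVENT, 52) + bytes(10))

if __name__ == "__main__":
    print(summarize(SAMPLE))
```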



