Snort mailing list archives
Re: Logging Question
From: Phil Wood <cpw () lanl gov>
Date: Mon, 11 Jun 2001 17:34:17 -0600
On Mon, Jun 11, 2001 at 06:13:31PM -0400, Jim Kipp wrote:
Hi What is the differene between using the -s option to log to syslog and the output plugin: output alert_syslog: LOG_AUTH LOG_ALERT ? and should/could I be using both at the same time ??
No. I think the goal is to end up with most all your "options" defined in the configuration file. If you have more than one output/alert option they must all be in the conf file. The switches on the command line, having to do with logging, override what's in the conf file. This is not always obvious in practice, and leads one to madness on occasion.
Thanks Jim _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
-- Phil Wood, cpw () lanl gov _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: http://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- How to review actual packets? Sheahan, Paul (PCLN-NW) (Jun 11)
- Re: How to review actual packets? Chris Green (Jun 11)
- Logging Question Jim Kipp (Jun 11)
- Re: Logging Question Phil Wood (Jun 11)
- Re: Logging Question Rich Adamson (Jun 11)
- Logging Question Jim Kipp (Jun 11)
- Re: How to review actual packets? John Sage (Jun 11)
- Re: How to review actual packets? Chris Green (Jun 11)