Snort mailing list archives

Logging to /var/log/snort/alert AND mysql?


From: "Chris Ling" <ling () spatialcomponents com>
Date: Wed, 9 May 2001 17:52:00 -0300

Hi, just looked over the FAQ & didn't see anything there.

With snort, I am running Guardian and another small script that mails me every
5 minutes if /var/log/snort/alert changes.  I've been reading about ACID for
the last few weeks, and finally made the effort to install apache, mysql, php
and ACID.

Running like a charm, with:

output database: alert, mysql, user=www dbname=snort host=localhost

-BUT-

I never used to bother with an output plugin before, so of course, my output
went to /var/log/snort/alert (Linux 2.2.14).  How can I still have that output
AND log to mysql/ACID?

commandline:

/usr/local/bin/snort -de -D -i eth0 -c /etc/snort/snort.conf


:\        Chris Ling - Systems Analyst / Programmer       /:
:|  Components Division, CARIS / Fredericton, NB, Canada  |:
:|    ling () spatialcomponents com | phone: (506)462-4212   |:
:/  Mind over matter; if you don't mind, it don't matter. \:



