Snort mailing list archives

logging


From: Greg Sarsons <gsarsons () home com>
Date: Sun, 16 Sep 2001 00:04:17 -0400

What I'm trying to do ......

I'm wanting to do some traffic analysis of a network so I can see what
is going on.  So I've put together a box that is running
snort, mysql, acid, etc.  But my problem is this.

I want to collect all the traffic.  So I've got the rules to log_tcpdump
with "output log_tcpdump: snort.log" and I'm also sending to a mysql db
with "output database: log, mysql, ...."

This is started from snortd with the options

/snort -u snort -g snort -d -D \
-c /etc/snort/snort.conf

I don't see any warnings in /var/log/messages about the command line
overriding a rule.

So I have a couple of questions.  The first is, what do I do to log all
the traffic, i.e. pop requests, traceroute, etc.?  Next, what is the big
difference between "output database: log ..." and "output database: alert
..."?

Would I be better off using the unified binary format?

Any suggestions would be appreciated.

Greg

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
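The post asks how the log_tcpdump, database and unified output plugins fit together and how to capture traffic that no alert rule matches. The snort.conf fragment below is an added example, not part of Greg's message or of the Snort distribution. It assumes Snort 1.8-era configuration syntax (the version current when this was posted) and uses placeholder database credentials, file names and a catch-all log rule that are illustrative only. In that syntax an "alert" rule action raises an alert and also logs the packet, while a "log" rule action only logs it; the first argument of the database plugin ("alert" or "log") selects which of those two facilities feeds that plugin.

```conf
# snort.conf fragment (added example, assumed Snort 1.8-era syntax)

# 1. Catch-all log rule. A "log" action records the packet without raising
#    an alert, so ordinary traffic such as POP requests or traceroute probes
#    ends up in the log outputs even though no alert rule matches it.
#    The msg text is a hypothetical label.
log ip any any -> any any (msg:"catch-all log of all traffic";)

# 2. Output plugins. Each plugin is attached to either the alert facility
#    or the log facility; for "output database" the first argument picks
#    which one. The two database lines below therefore receive different
#    data: "alert" gets the events raised by alert rules, "log" gets every
#    packet that any rule (alert or log) asked to have logged.
#    Credentials and host are placeholders.
output log_tcpdump: tcpdump.log
output database: alert, mysql, user=snort password=CHANGEME dbname=snort host=localhost
output database: log, mysql, user=snort password=CHANGEME dbname=snort host=localhost

# 3. Unified binary output: snort writes the alert and log streams to
#    binary spool files (rotated at "limit" megabytes) and a separate
#    reader process such as barnyard feeds them into the database, so the
#    sniffing process is not stalled by slow database inserts.
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
```

Keep the catch-all log rule after the more specific rules and be aware that, combined with "-d" on the command line (dump application-layer data), it will write every payload on the wire to both the tcpdump file and the database, so size the disk and the MySQL tables accordingly.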