Snort mailing list archives
loging
From: Greg Sarsons <gsarsons () home com>
Date: Sun, 16 Sep 2001 00:04:17 -0400
What I'm trying to do: I'm wanting to do some traffic analysis of a network so I can see what is going on. So I've put together a box that is running snort, mysql, acid etc. But my problem is this. I want to collect all the traffic. So I've got the rules to log_tcpdump with "output log_tcpdump: snort.log" and I'm also sending to a mysql db with "output database: log, mysql, ...."

This is started from snortd with the options:

    /snort -u snort -g snort -d -D \ -c /etc/snort/snort.conf

I don't see any warnings in /var/log/messages about the command line overriding a rule.

So I have a couple of questions. The first is: what do I do to log all the traffic, i.e. POP requests, traceroute, etc.? Next, what is the big difference with "output database: log ..." and "output database: alert ..."? Would I be better off using the unified binary format?

Any suggestions would be appreciated.

Greg

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
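For reference, the three output styles the post asks about side by side, as an added snort.conf fragment that is not part of the original message and not a reply from the list. It assumes the Snort 1.8-era configuration syntax that the post's "output log_tcpdump:" and "output database:" lines use; the database credentials, file names and the 128 MB roll-over limit are placeholder values, and the final "log ip" rule is the classic way to have every packet reach the log output plugins rather than only packets that fire an alert.

```text
# --- Added example snort.conf fragment (not from the original post) ---

# 1. Full-packet log in tcpdump/pcap format. Everything handed to the "log"
#    facility lands in this file, readable later with tcpdump -r.
output log_tcpdump: snort.log

# 2. Database output. The first word selects which event stream the plugin
#    receives: "log" gets packets from log rules (and from alerts, since an
#    alert is also logged), "alert" gets only alert events.
#    Placeholder credentials: replace user/password/dbname/host.
output database: log, mysql, user=snort password=changeme dbname=snort host=localhost
# output database: alert, mysql, user=snort password=changeme dbname=snort host=localhost

# 3. Unified binary output: one file for alerts, one for logged packets,
#    each rolled over at the given size in MB. Designed to be consumed by
#    a separate process (e.g. barnyard) so the sniffer does not block on
#    a database write.
output alert_unified: filename snort.alert, limit 128
output log_unified:   filename snort.log,   limit 128

# Catch-all rule: a "log" action rule matching all IP traffic so that POP,
# traceroute and everything else reaches the log plugins above, not just
# packets that trigger an alert rule. Expect the log file and the database
# to grow quickly on a busy segment.
log ip any any -> any any (msg:"log all traffic";)
```

With the catch-all rule in place, an "output database: alert" line would still see only events from alert rules, which is the practical difference between the two database modes the post asks about; the "-d" on the snortd command line controls whether the application-layer payload is included in what gets logged, not which packets are selected.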