Snort mailing list archives
Re: SnortCenter and multiple output plugins
From: Erek Adams <erek () snort org>
Date: Sat, 9 Aug 2003 18:02:25 -0400 (EDT)
On Sat, 9 Aug 2003, Chris Dos wrote:
I read the information. However, it doesn't seem to work in practice. If I just have database logging Log and not Alert, I do not get any portscans detected listed in Acid. This is an excerpt from the Acid FAQ:
[...snip...]

Log vs. Alert has been discussed forever on this list. :) The long and short of it is this:

Log: Logs the packet and any other information to disk.

Alert: Builds an alert and passes it along with the packet data to the Log facility.

So Log catches all Alerts as well. Check the last line in the link that I sent:

What this means in practical terms is that if the db plugin is in alert mode, it will only receive output from alert rules, whereas if it's in "log" mode it will receive output from both log and alert rules.

Cheers!

-----
Erek Adams
"When things get weird, the weird turn pro." H.S. Thompson
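An added example, not part of the original message and not Snort project code: a small Python check that reads the `output database:` lines of a snort.conf and reports, following the log/alert rule quoted in the reply above, which rule types each database output will receive. The sample configuration is constructed, and the function and field names are hypothetical.

```python
import re

# Which rule types reach the database plugin in each mode, per the reply above:
# "alert" mode sees only alert rules; "log" mode sees both log and alert rules.
RECEIVES = {"alert": {"alert"}, "log": {"alert", "log"}}

# output database: <facility>, <dbtype>, <space-separated key=value parameters>
OUTPUT_RE = re.compile(
    r"^\s*output\s+database\s*:\s*(\w+)\s*,\s*(\w+)\s*(?:,\s*(.*))?$", re.I)

def audit_db_outputs(conf_text):
    """Return one finding per active 'output database:' line."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), 1):
        line = raw.split("#", 1)[0]  # drop comments (assumes no '#' in values)
        m = OUTPUT_RE.match(line)
        if not m:
            continue
        facility, dbtype = m.group(1).lower(), m.group(2).lower()
        params = dict(p.split("=", 1)
                      for p in (m.group(3) or "").split() if "=" in p)
        receives = RECEIVES.get(facility)  # None for an unrecognised facility
        findings.append({
            "line": lineno,
            "facility": facility,
            "dbtype": dbtype,
            "dbname": params.get("dbname"),
            "receives": sorted(receives) if receives else None,
            "misses_log_rules": receives is not None and "log" not in receives,
        })
    return findings

# Constructed sample configuration (not taken from the thread).
SAMPLE_CONF = """\
var HOME_NET 10.0.0.0/8
# output database: log, mysql, user=old dbname=old host=localhost
output database: alert, mysql, user=snort dbname=snort_alerts host=localhost
output database: log, mysql, user=snort dbname=snort_full host=localhost  # read by ACID
output alert_syslog: LOG_AUTH LOG_ALERT
"""

if __name__ == "__main__":
    for f in audit_db_outputs(SAMPLE_CONF):
        note = "  <- log rules never reach this DB" if f["misses_log_rules"] else ""
        print(f"line {f['line']}: {f['dbname']} ({f['facility']} mode) "
              f"receives {f['receives']}{note}")
```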