Snort mailing list archives
Re: Daily mail notification don't work anymore
From: Frank Knobbe <frank () knobbe us>
Date: Tue, 28 Dec 2004 11:44:24 -0600
On Tue, 2004-12-28 at 08:40 +0100, Sam Przyswa wrote:
The only way for me to log in ASCII format to the /var/log/snort/alert log file is to add the "-A full" option to snort.common.parameters, but then IT STOPS LOGGING TO MySQL!
That is not correct. Do not add -A as it will disable all outputs configured in snort.conf. Instead, add the following to snort.conf:

output alert_full: alert.ids
(for full, multi-line output into alert.ids)

output log_ascii:
(for full packet details in /var/log/snort/<ip>)

These can be used for emailing from cron. Using these two will preserve anything else in snort.conf, like database logging.

Regards,
Frank
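As an added example (not part of the original message or of Snort itself), the following sketch turns the multi-line alert.ids file written by `output alert_full` into a short per-signature digest suitable for a daily cron mail. It assumes the usual alert_full entry layout (a `[**]` header line, a classification/priority line, then a timestamp and address line) with entries separated by blank lines; the function names and all sample data are constructed.

```python
import re
from collections import Counter

HEADER = re.compile(r"^\[\*\*\] \[(\d+):(\d+):(\d+)\] (.*?) \[\*\*\]$")
PRIORITY = re.compile(r"\[Priority: (\d+)\]")
FLOW = re.compile(r"^(\d\d/\d\d-\d\d:\d\d:\d\d\.\d+) (\S+) -> (\S+)")

# Constructed sample in alert_full layout; SIDs, messages and addresses are made up.
SAMPLE = """\
[**] [1:1000001:1] Constructed sample rule A [**]
[Classification: Misc activity] [Priority: 3]
12/28-03:12:45.120034 192.0.2.15 -> 198.51.100.7

[**] [1:1000001:1] Constructed sample rule A [**]
[Classification: Misc activity] [Priority: 3]
12/28-03:12:46.220190 192.0.2.15 -> 198.51.100.8

[**] [1:1000002:2] Constructed sample rule B [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
12/28-09:30:02.000417 192.0.2.20:40112 -> 198.51.100.7:22
TCP TTL:52 TOS:0x0 ID:9921 IpLen:20 DgmLen:60 DF

[**] [1:10000
"""

def parse_alerts(text):
    """Split alert_full text on blank lines and extract the key fields."""
    alerts = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        head = HEADER.match(lines[0]) if lines else None
        if not head:
            continue  # truncated entry: Snort was still writing when we read
        alert = {"sid": f"{head[1]}:{head[2]}", "msg": head[4], "priority": None}
        for line in lines[1:]:
            if m := PRIORITY.search(line):
                alert["priority"] = int(m[1])
            elif m := FLOW.match(line):
                alert["time"], alert["src"], alert["dst"] = m.groups()
        alerts.append(alert)
    return alerts

def digest(alerts):
    """One line per signature, most severe (lowest priority number) first."""
    counts = Counter((a["priority"], a["sid"], a["msg"]) for a in alerts)
    rows = sorted(counts.items(), key=lambda kv: (kv[0][0] is None, kv[0][0] or 0, -kv[1]))
    out = [f"{len(alerts)} alerts, {len(counts)} distinct signatures"]
    out += [f"{n:5d}  prio={p}  [{sid}]  {msg}" for (p, sid, msg), n in rows]
    return "\n".join(out)
```

From cron, pass the contents of alert.ids to `parse_alerts` and pipe the output of `digest` to the mailer; the database output configured in snort.conf is unaffected because nothing here touches Snort's command line.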