Re: [Snort-users] Barnyard woes

From: Andrew R. Baker <andrewb(at)snort.org>
Date: Wed Feb 19 2003 - 09:58:40 EST

Ken Gunderson wrote:
> On Tuesday 18 February 2003 08:16 pm, Andrew R. Baker wrote:

>>Joerg Weber wrote:
>>  > Here's my problem:
>>  > 1) I'd like to use SnortCenter to maintain my sensors.
>>  > SnortCenter adds the unified_plugin like this:
>>  > output log_unified: filename snort-unified, limit 500
>>  > but no alert_unified:
>>  > Should I add this by hand via a preprocessor?
>>
>>If you are only using the database output, you do not need to the
>>unified alert file.  All of the alert data should be in the unified
>>log file.

>
>
> [snip]

No, you just need log_acid_db. This will get alerts w/ packet logs into the database. The confusing part is that, with several output plugins, log means alert w/ packet. Unfortunately, it is a little late in Snort's lifetime to try to clarify this.

-A

---

This SF.net email is sponsored by: SlickEdit Inc. Develop an edge. The most comprehensive and flexible code editor you can use. Code faster. C/C++, C#, Java, HTML, XML, many more. FREE 30-Day Trial. www.slickedit.com/sourceforge

---

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Wed Feb 19 10:17:53 2003