[Snort-users] Alerts, Logged and Passed
From: Clayton Mascasrenhas <masclaythesnort(at)yahoo.com>
Date: Fri Feb 28 2003 - 12:51:53 EST
Hi,
After I run snort, a summary shows up saying Alerts = 6, Logged = 6, Passed = 0. When I open my alert file that is generated, I see 6 alerts there. Then for another data file, when I run snort I get Alerts = 4, Logged = 0, Passed = 0. Now when I open my alert file I see 4 alerts in spite of them telling me Logged = 0. So what does that mean? That "Logged" word, does it represent anything? Sometimes I get Alert = 8 and Logged = 14. Here they say a number greater than that alerted, which throws me completely off. Now I am really confused. I did read Marty's article at http://www.theadamsfamily.net/~erek/snort/logging_methods.txt but I am still not so clear. Please can someone help me out here.
I also noticed that when in the summary they say Alerts = some number X and Logged = some number Y which is not equal to X, then the scan file generated has something in it. Otherwise there is nothing in it. What is this scan file? Does it have anything to do with the Logged and Alert things? Please could someone help me out and clarify this for me.
Regards
Received on Fri Feb 28 12:54:59 2003