Hosting Provided By

Re: [Snort-users] Alerts, Logged and Passed

From: Erek Adams <erek(at)snort.org>
Date: Fri Feb 28 2003 - 18:30:50 EST

On Fri, 28 Feb 2003, Clayton Mascarenhas wrote:

>
> Erek... one last doubt.. I am sorry for bugging you like this and being

The way it works:

If you have an alert....

"Alert Facility" --> "Log Facility" --> <whatever output>

But it _only_ counts as an "Alert", not a "Log".

If you have a log....

Do you need help?

"Log Facility" --> <whatever output>

And it only counts as a "Log".

Think of two containers. One, "Alert" is above the other. Two, "Log" is below #1. Items from #1 (alert) spill over into #2 (log). From container #2 the items go to <whatever>.

So....

You can put items into #1. Once they go in, they go to #2.

You can put items into #2. Once they go in, they go to <wherever>.

If an item goes into #1, it then goes to #2, and then to <wherever>.

If an item _only_ goes into #2, then it just goes to <wherever>.

Do you need more help?

Is that any better? :)

Erek Adams

"When things get weird, the weird turn pro." H.S. Thompson

This sf.net email is sponsored by:ThinkGeek Welcome to geek heaven.
http://thinkgeek.com/sf

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Fri Feb 28 19:07:10 2003

This message: [ Message body ]
Next message: Sadanapalli, Pradeep Kumar (MED, TCS): "RE: [Snort-users] Running snort in daemon mode disables network c onnection"
Previous message: Clayton Mascarenhas: "Re: [Snort-users] Alerts, Logged and Passed"
In reply to: Clayton Mascarenhas: "Re: [Snort-users] Alerts, Logged and Passed"

Contemporary messages sorted: [ By Date ] [ By Thread ] [ By Subject ] [ By Author ] [ By messages with attachments ]

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 11:49:57 EDT