Snort mailing list archives

RE: Database Plugin - Alert vs. Log

From: "L. Christopher Luther" <CLuther () Xybernaut com>
Date: Wed, 27 Nov 2002 18:04:38 -0500

Thanks, the information is most helpful.  Of course, if the db plugin is
only in log mode, then portscan alerts are not sent to the database. :{  

When o when will the portscan data be normalized so that it can cleanly be
put into a database?!  Sigh...  

- Christopher


-----Original Message-----
From: Erek Adams [mailto:erek () theadamsfamily net]
Sent: Wednesday, November 27, 2002 2:47 PM
To: L. Christopher Luther
Cc: Snort-Users (E-mail)
Subject: Re: [Snort-users] Database Plugin - Alert vs. Log


On Wed, 27 Nov 2002, L. Christopher Luther wrote:

Can anyone tell me if there are any differences between sending "alert"

data

to a MySQL database vs. sending only "log" data to a MySQL database?


[...snip...]

Yeppers.  Our Benevolent Dictator For Life has a few words [0] to say.

Hope that helps!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net


[0]     http://www.theadamsfamily.net/~erek/snort/logging_methods.txt

Current thread:

Database Plugin - Alert vs. Log L. Christopher Luther (Nov 27)
- Re: Database Plugin - Alert vs. Log Erek Adams (Nov 27)
- <Possible follow-ups>
- RE: Database Plugin - Alert vs. Log L. Christopher Luther (Nov 27)
  - RE: Database Plugin - Alert vs. Log Frank Knobbe (Nov 27)
- RE: Database Plugin - Alert vs. Log L. Christopher Luther (Dec 02)
  - RE: Database Plugin - Alert vs. Log Frank Knobbe (Dec 02)