Snort mailing list archives

RE: Alert or log?


From: francisv () dagupan com
Date: Sat, 15 Feb 2003 08:51:30 +0800

Drop and rebuild the tables? Can't I just switch between alert and log
without having to re-create the tables? ;-)

-----Original Message-----
From: Erek Adams [mailto:erek () snort org] 
Sent: Friday, February 14, 2003 9:50 PM
To: francisv () dagupan com
Cc: snort-users () lists sourceforge net
Subject: RE: [Snort-users] Alert or log?


On Fri, 14 Feb 2003 francisv () dagupan com wrote:

> Thanks Erek! If I want to use ACID with barnyard and snort, which logging
> method would be more useful?

With BY you can watch either one of them.  Which is better?  That's up to
you.  I'd suggest taking the same data and running it thru twice:  Once
with alert and then once with log.  That way you'll see which one gives
you the info you're looking for.  Then drop the tables and rebuild them
once you've chosen.

Hope that helps!

-----
Erek Adams

   "When things get weird, the weird turn pro."   H.S. Thompson

