Snort mailing list archives

Alert log file


From: "gandalf" <gandalf () bostream nu>
Date: Mon, 24 Nov 2003 16:16:06 +0100

Hi all

Being rather new to this software, I have a beginner's
question.

Running snort in NIDS mode, the 'alert' log file grows huge
quite fast. It seems to me the most 'critical' and
interesting messages are the ones classified as 'Priority
1'.
Is there an easy way to log only 'Priority 1' messages, i.e.
to filter out classes of lower priority?

Of course, I could write a script to post-process the log
file, but I want to avoid the alert file growing so big,
possibly increasing performance at the same time.


Thanks in advance
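
The post-processing route mentioned in the message, as an added example that is not part of the original post: a streaming filter that keeps only alerts at or above a chosen priority. It assumes the alert file uses Snort's text alert layouts (multi-line "full" records or one-line "fast" records, each carrying a `[Priority: N]` tag); the function names and the sample alerts are constructed for illustration. It reduces what has to be reviewed, not how fast the alert file itself grows.

```python
import re
import sys

PRIORITY_RE = re.compile(r"\[Priority:\s*(\d+)\]")

# Constructed sample: two "full" records and one "fast" record.
SAMPLE = """\
[**] [1:1000001:1] Constructed sample rule A [**]
[Classification: Attempted Administrator Privilege Gain] [Priority: 1]
11/24-16:16:06.000001 192.0.2.10:1025 -> 192.0.2.20:80
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:60

[**] [1:1000002:1] Constructed sample rule B [**]
[Classification: Misc activity] [Priority: 3]
11/24-16:16:07.000001 192.0.2.11:1026 -> 192.0.2.20:80
TCP TTL:64 TOS:0x0 ID:2 IpLen:20 DgmLen:60

11/24-16:16:08.000001  [**] [1:1000003:1] Constructed sample rule C [**] [Classification: Attempted User Privilege Gain] [Priority: 1] {TCP} 192.0.2.12:1027 -> 192.0.2.20:80
"""

def iter_alerts(lines):
    """Yield one alert (a list of lines) at a time without loading the file."""
    record = []
    for line in lines:
        # Every alert, full or fast, begins on a line containing "[**]".
        if "[**]" in line and record:
            yield record
            record = []
        if line.strip() or record:
            record.append(line)
    if record:
        yield record

def alert_priority(record):
    """Return the numeric priority of an alert, or None if it has no tag."""
    for line in record:
        match = PRIORITY_RE.search(line)
        if match:
            return int(match.group(1))
    return None

def filter_alerts(lines, max_priority=1):
    """Keep alerts whose priority number is <= max_priority (1 = most severe)."""
    kept = []
    for record in iter_alerts(lines):
        prio = alert_priority(record)
        if prio is not None and prio <= max_priority:
            kept.append("".join(record).rstrip("\n") + "\n")
    return kept

if __name__ == "__main__":
    # Usage: python filter_alerts.py < alert > alert.priority1
    sys.stdout.writelines(filter_alerts(sys.stdin))
```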

