The IDS can send its output to different locations. On this tab you can select where the messages are sent:
• Use Syslog Output Module: The IDS sends its messages to the syslog.
• Use Firewall Alert and Output Solution: The IDS sends its messages to the given email addresses. You can select the priority a message must reach before it is sent.
• Use Database Output Module: This module requires an external database server (MySQL or PostgreSQL). Unfortunately, Snort doesn't support encrypted database connections, so you have to use an IPSec tunnel. Scripts to generate the necessary tables are located locally under /usr/share/doc/snort-mysql or /usr/share/doc/snort-pgsql. A great external tool to analyze traffic is BASE.