https://community.cisco.com/t5/network-security/snort-logging-level-differences/m-p/3718488#M32458 <P>I see that Snort has 8 different logging levels:</P> <P>logging level {alert | crit | debug | emerg | err | info | notice | warning}</P> <P>What are the differences between them?&nbsp;</P> <P>I did find a listing related to Snort Web Filtering that states:</P> <TABLE width="450"> <TBODY> <TR> <TD width="111"><STRONG>Level</STRONG></TD> <TD width="211"><STRONG>Description</STRONG></TD> </TR> <TR> <TD>1 - Emergencies</TD> <TD>System unusable</TD> </TR> <TR> <TD>2 - Alerts</TD> <TD>Immediate action needed</TD> </TR> <TR> <TD>3 - Critical</TD> <TD>Critical condition</TD> </TR> <TR> <TD>4 - Errors</TD> <TD>Error condition</TD> </TR> <TR> <TD>5 - Warnings</TD> <TD>Warning condition</TD> </TR> <TR> <TD>6 - Notifications</TD> <TD>Normal but significant condition</TD> </TR> <TR> <TD>7 - Informational</TD> <TD>Informational messages only</TD> </TR> <TR> <TD>8 - Debugging</TD> <TD>Appears during debugging only</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>But that can be confusing too. Does setting the logging level to debug only send messages when Snort is in Debug mode?</P> <P>I am looking to get all the messages possible and then dial it back from there.</P> <P>Or is there another / better description of the different logging levels?</P> <P>Thanks</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 21 Feb 2020 16:19:12 GMT Mark Littell 2020-02-21T16:19:12Z https://community.cisco.com/t5/network-security/snort-logging-level-differences/m-p/3718488#M32458 <P>I see that Snort has 8 different logging levels:</P> <P>logging level {alert | crit | debug | emerg | err | info | notice | warning}</P> <P>What are the differences between them?&nbsp;</P> <P>I did find a listing related to Snort Web Filtering that states:</P> <TABLE width="450"> <TBODY> <TR> <TD width="111"><STRONG>Level</STRONG></TD> <TD width="211"><STRONG>Description</STRONG></TD> </TR> <TR> <TD>1 - Emergencies</TD> <TD>System unusable</TD> </TR> <TR> <TD>2 - Alerts</TD> <TD>Immediate action needed</TD> </TR> <TR> <TD>3 - Critical</TD> <TD>Critical condition</TD> </TR> <TR> <TD>4 - Errors</TD> <TD>Error condition</TD> </TR> <TR> <TD>5 - Warnings</TD> <TD>Warning condition</TD> </TR> <TR> <TD>6 - Notifications</TD> <TD>Normal but significant condition</TD> </TR> <TR> <TD>7 - Informational</TD> <TD>Informational messages only</TD> </TR> <TR> <TD>8 - Debugging</TD> <TD>Appears during debugging only</TD> </TR> </TBODY> </TABLE> <P>&nbsp;</P> <P>But that can be confusing too. Does setting the logging level to debug only send messages when Snort is in Debug mode?</P> <P>I am looking to get all the messages possible and then dial it back from there.</P> <P>Or is there another / better description of the different logging levels?</P> <P>Thanks</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> <P>&nbsp;</P> Fri, 21 Feb 2020 16:19:12 GMT https://community.cisco.com/t5/network-security/snort-logging-level-differences/m-p/3718488#M32458 Mark Littell 2020-02-21T16:19:12Z https://community.cisco.com/t5/network-security/snort-logging-level-differences/m-p/3743322#M32459 This is something common over most of the platforms. The logging level ranges from 0-Fatal/Emergency to 7-Debug. The higher the level higher the inclusion of more granular, diagnostic information with more "noise" than you'd want in normal production situations. Setting a component to debug is a starter pack for any detailed diagnostic information. <BR /><BR />No, the moment you set a component to debug, it will start logging message at that log level. <BR /><BR />Ideally, one should stick to Warning/Error level so that there is a balance of load and information at production site. Sat, 10 Nov 2018 13:01:51 GMT https://community.cisco.com/t5/network-security/snort-logging-level-differences/m-p/3743322#M32459 Shubham Bharti 2018-11-10T13:01:51Z