Snort Logging Level Differences
10-03-2018 09:45 AM - edited 02-21-2020 08:19 AM
I see that Snort has 8 different logging levels:
logging level {alert | crit | debug | emerg | err | info | notice | warning}
What are the differences between them?
I did find a listing related to Snort Web Filtering that states:
| Level | Description |
| --- | --- |
| 1 - Emergencies | System unusable |
| 2 - Alerts | Immediate action needed |
| 3 - Critical | Critical condition |
| 4 - Errors | Error condition |
| 5 - Warnings | Warning condition |
| 6 - Notifications | Normal but significant condition |
| 7 - Informational | Informational messages only |
| 8 - Debugging | Appears during debugging only |
But that can be confusing too. Does setting the logging level to debug only send messages when Snort is in Debug mode?
I am looking to get all the messages possible and then dial it back from there.
Or is there another / better description of the different logging levels?
Thanks

11-10-2018 05:01 AM
No, the moment you set a component to debug, it will start logging messages at that log level.
Ideally, one should stick to the Warning/Error level so that there is a balance of load and information at a production site.
