[Snort-devel] Logging bug in snort 1.8.6

Jeff Mercer mercer at ...1367...
Fri May 10 07:57:01 EDT 2002


Architecture: ppc

OS          : YellowDog Linux 2.1
              (2.4.10-12a #1 Tue Oct 9 04:29:39 EDT 2001 ppc unknown)

Rules Used  : Standard snort ruleset for 1.8.6
              Output plugin for mysql database

Command Line: snort -z -N -D -A fast -i eth1 -c /etc/snort/snort.conf

Error Messages: None


Here's the problem. When I tell Snort to *not* log packet data (the -N
switch) and to use fast Alert logging (-A fast), snort goes ahead and starts
logging packet data into individual sub-directories of /var/log/snort.

Since I've already got snort pumping its data into a database, I don't want
to waste IO on logging the data again to files. Not at this point, anyways.

As far as I can tell from reading docs, this is a bug...

 ___________-------------============================-------------___________
/                     Jeff Mercer  <mercer at ...1367...>                   \
|                        Systems Administrator - BTInet                      |




