[Snort-sigs] I don't want scan.log

Dan Monjar daniel.monjar at ...1816...
Thu Aug 28 09:02:09 EDT 2003


Apologies if this is the wrong list... pointers to the right one
appreciated.

I'm running 2.0.1 and am starting it with
'nohup snort -N -c /snort/rules/snort.conf -h 10.155.0.0/16 -b -i fxp0 -l
/snort/alerts -d &'

I am logging to a MySQL db and using ACID for reporting.  Can I start snort
so that it will not create an scan.log file and possible not create an
alerts file while still logging to MySQL and giving ACID what it needs?

with the latest Blaster stuff happening my scan.log file is filling up a
8GB partition nightly:

[root at ...1817... alerts]# ls -lk
total 8532988
-rw-------  1 root  users    69844992 Aug 28 09:06 alert
-rw-------  1 root  users  8663441321 Aug 28 10:41 scan.log
-rw-------  1 root  users      101195 Aug 27 16:03 snort.log.1061991458
-rw-------  1 root  users       85220 Aug 28 10:27 snort.log.1062014764


--
Daniel Monjar
Manager, Technical Services
bioMérieux, Inc.
Durham, NC US


--
Daniel Monjar
IS Manager, Technical Services
bioMérieux, Inc.
Durham, NC US
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-sigs/attachments/20030828/3187177c/attachment.sig>


More information about the Snort-sigs mailing list