[Snort-sigs] disable /var/log/snort logging
nwhite at ...1504...
Wed May 7 11:27:02 EDT 2003
(reposting from snort-users)
I'm fairly new with snort, so go easy on me. I'm running snort and
logging to mysql just fine. The problem is, it's also logging to
/var/log/snort. I need to figure out how to disable this logging to
disk. I've looked at all the switches, and I can't seem to figure it
out. I tried -A none, but then it stopped alerting to mysql. I also
tried -l /dev/null, but it didn't like that one.
Snort starts as a service via:
/usr/local/bin/snort -u snort -g snort -d -D -c /etc/snort/snort.conf
In snort.conf, I log to mysql with:
output database: alert, mysql, user=snortusr password=fakepass
I'm trying to kill snort with as much data as I can throw at it, and it
always dies after a few minutes with:
May 6 14:54:34 localhost snort: FATAL ERROR: OpenLogFile() =>
fopen(/var/log/snort/10.10.1.30/UDP:138-138) log file: Not a directory
But I KNOW that the snort user has full permission to /var/log/snort.
But I don't need logging to disk. It's a waste. I only want it to log
(I've got snort to stop crashing by using -b. Now, to figure out how to
prevent it from logging to disk - please help!)
Thanks for your help!
- nick white
More information about the Snort-sigs