[Snort-sigs] disable /var/log/snort logging

Nick White nwhite at ...1504...
Wed May 7 11:27:02 EDT 2003

(reposting from snort-users)

Hi All,
I'm fairly new with snort, so go easy on me.  I'm running snort and
logging to mysql just fine.  The problem is, it's also logging to
/var/log/snort.  I need to figure out how to disable this logging to
disk.  I've looked at all the switches, and I can't seem to figure it
out.  I tried -A none, but then it stopped alerting to mysql.  I also
tried -l /dev/null, but it didn't like that one.

Snort starts as a service via: 
/usr/local/bin/snort -u snort -g snort -d -D -c /etc/snort/snort.conf

In snort.conf, I log to mysql with:
output database: alert, mysql, user=snortusr password=fakepass dbname=snort host=localhost

I'm trying to kill snort with as much data as I can throw at it, and it
always dies after a few minutes with:
May  6 14:54:34 localhost snort: FATAL ERROR: OpenLogFile() => fopen(/var/log/snort/ log file: Not a directory

But I KNOW that the snort user has full permission to /var/log/snort.
But I don't need logging to disk.  It's a waste.  I only want it to log
to mysql.

(I've got snort to stop crashing by using -b.  Now, to figure out how to
prevent it from logging to disk - please help!)

Thanks for your help!
- nick white
