[Snort-users] turning off /var/log/snort.alerts
NSpande at ...620...
Tue Oct 10 12:57:00 EDT 2000
OK, I know this is going to be one of those "doh! I should have thought of
that!" answers, but it just isn't coming to me. I'm using the Snort 1.7
beta (so I can use ACID) from CVS a week or so ago, and logging to a MySQL
database. My rules file has the following line:

output database: log, mysql, dbname=snort user=snort host=localhost

The problem is that I'm also getting the /var/log/snort.alert file. This is
particularly odd because I pass snort the -l /home/snort parameter on the
command line, so if anything I figure I should get /home/snort/snort.alert.
I tried changing it to use the alert facility, but then I get a bunch of
portscan messages in the database, which sadly just clutter things up a bit
too much. My end goal is just logging rule-based alerts to the database,
and portscans to a flat file. Any advice here?
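The split the poster is after (rule-based events in the database, portscan output in its own flat file) maps onto two separate Snort 1.x configuration directives. The fragment below is an added illustration, not the poster's rules file or anything from the list thread: the `output database:` line is the one quoted in the message, while the portscan preprocessor line follows the Snort 1.x `snort.conf` convention of naming a logfile as its last argument, and `$HOME_NET`, the threshold values and the `portscan.log` filename are assumed placeholders to be adjusted for the local network.

```conf
# Added example configuration, not from the original post.

# Assumed local network; adjust to match the monitored segment.
var HOME_NET 192.168.1.0/24

# Rule-based events go to MySQL via the "log" facility (line quoted in the post).
output database: log, mysql, dbname=snort user=snort host=localhost

# Portscan detection writes its own flat file instead of using an alert
# output plugin, so scans stay out of the database. Arguments (assumed
# example values): network to watch, number of ports, detection window in
# seconds, logfile relative to the -l log directory.
preprocessor portscan: $HOME_NET 4 3 portscan.log
```

With this layout the portscan preprocessor does not depend on an `alert` facility output plugin, which is what was pulling scan messages into the database once the database plugin was switched from `log` to `alert`. Whether the separate snort.alert file still appears depends on the alert mode Snort is started with, which is a command-line setting rather than something the `output database:` line controls.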