[Snort-users] turning off /var/log/snort.alerts

Nathan Spande NSpande at ...620...
Tue Oct 10 12:57:00 EDT 2000


Hey all,

Ok, I know this is going to be one of those "doh!  I should have thought of
that!" answers, but it just isn't coming to me.  I'm using the Snort 1.7
beta (so I can use ACID) from CVS a week or so ago, and logging to a MySQL
database.  My rules file has the following line:

output database: log, mysql, dbname=snort user=snort host=localhost

The problem is that I'm also getting the /var/log/snort.alert file.  This is
particularly odd because I pass snort the -l /home/snort parameter on the
command line, so if anything I figure I should get /home/snort/snort.alert.

I tried changing it to use the alert facility, but then I get a bunch of
portscan messages in the database, which sadly just clutter things up a bit
too much.  My end goal is just logging rule-based alerts to the database,
and portscans to a flat file.  Any advice here?

Thanks all,

Nathan


