[Snort-users] turning off /var/log/snort.alerts

Martin Roesch roesch at ...421...
Thu Oct 12 02:02:47 EDT 2000


This is something that hasn't been fixed in the 1.6.x->1.7 transition, but I'm
working on it.  When we do a formal beta release (soon, hopefully) we'll fix
that as well as a bunch of other little things.

    -Marty

Nathan Spande wrote:
> 
> Hey all,
> 
> Ok, I know this is going to be one of those "doh!  I should have thought of
> that!" answers, but it just isn't coming to me.  I'm using the Snort 1.7
> beta (so I can use ACID) from CVS a week or so ago, and logging to a MySQL
> database.  My rules file has the following line:
> 
> output database: log, mysql, dbname=snort user=snort host=localhost
> 
> The problem is that I'm also getting the /var/log/snort.alert file.  This is
> particularly odd because I pass snort the -l /home/snort parameter on the
> command line, so if anything I figure I should get /home/snort/snort.alert.
> 
> I tried changing it to use the alert facility, but then I get a bunch of
> portscan messages in the database, which sadly just clutter things up a bit
> too much.  My end goal is just logging rule-based alerts to the database,
> and portscans to a flat file.  Any advice here?
> 
> Thanks all,
> 
> Nathan
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> http://lists.sourceforge.net/mailman/listinfo/snort-users

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org
