[Snort-users] how do I stop snort logging to /var/log/snort and only the database?
Emelander at ...3910...
Sat Oct 27 10:46:02 EDT 2001
My environment consists of 2 machines: a sensor and an analyzer. The sensor is running snort in packet sniffing mode and logging to a binary tcpdump file that every hour is pulled off the sensor from the analyzer via scp. On the analyzer the binary tcpdump file is read in using the command

snort -c /etc/snort/sensor.snort.conf -r tcp.2001102515
I have configured my logging as such:
output alert_syslog: LOG_AUTH LOG_ALERT LOG_PID
output database: alert, mysql, user=XXXXXX password=XXXXXX dbname=snort
While snort is logging to the database as I would expect, it is also dumping data into the /var/log/snort directory in the form of IP-address-named sub-directories with alerts contained in said directories. Is there a switch or a parameter in my snort.conf that I can use to prevent this extraneous logging? If I have missed something in the readmes and FAQ, please direct me to the appropriate section. Thanks!
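An added example, not part of the original post and not Snort project code, showing the analyzer-side replay step from the post run so that packet logging is switched off, plus the check a practitioner would want afterwards. It relies on Snort's -N command-line option ("Turn off logging (alerts still work)"), which suppresses the per-IP ASCII packet logs while alert output plugins such as alert_syslog and database still receive events; the -l option names the log directory. The conf path and log directory are taken from the post; the helper names (replay_capture, ascii_log_dirs, check_no_ascii_logs) and the dotted-quad directory test are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not from the original post or the Snort project).
# Assumes the Snort 1.x CLI: -N turns off packet logging (alerts still reach
# output plugins), -c names the config, -l the log dir, -r a capture to read.
SNORT_CONF="${SNORT_CONF:-/etc/snort/sensor.snort.conf}"
LOG_DIR="${LOG_DIR:-/var/log/snort}"

# Replay one hourly tcpdump capture through snort with packet logging off.
# Returns 2 if the capture is unreadable, otherwise snort's own exit status.
replay_capture() {
    capture="$1"
    [ -r "$capture" ] || { echo "no such capture: $capture" >&2; return 2; }
    snort -N -c "$SNORT_CONF" -l "$LOG_DIR" -r "$capture"
}

# List subdirectories of the log dir whose names are dotted quads
# (10.0.0.1 and so on): the per-IP ASCII packet logs the poster wants gone.
# Files such as ALERT, and directories with any other characters, are ignored.
ascii_log_dirs() {
    dir="$1"
    [ -d "$dir" ] || return 0
    for entry in "$dir"/*; do
        [ -d "$entry" ] || continue
        case "$(basename "$entry")" in
            *[!0-9.]*) ;;                 # contains something other than digits/dots
            *.*.*.*)   echo "$entry" ;;   # four dotted fields: a packet log dir
        esac
    done
}

# Return 0 when no per-IP packet log directories exist, 1 (and list them) otherwise.
check_no_ascii_logs() {
    found=$(ascii_log_dirs "$1")
    if [ -n "$found" ]; then
        echo "packet logging still active under $1:" >&2
        echo "$found" >&2
        return 1
    fi
    return 0
}
```

Usage after sourcing the script: `replay_capture tcp.2001102515 && check_no_ascii_logs "$LOG_DIR"`. The check runs against any directory, so it can also be pointed at the existing /var/log/snort tree to confirm which runs were responsible before the old per-IP directories are cleaned up.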