[Snort-users] RE: alert_full won't create subdirectories for ip addresses when mysql logging is enabled
L. Christopher Luther
CLuther at ...6333...
Mon Dec 2 12:26:11 EST 2002
I too have been bitten by this issue, but for the life of me, I cannot find
any reference for the log_ascii output plugin in the Snort docs:
Is this something that is undocumented?
Date: Fri, 29 Nov 2002 11:04:03 -0500
From: "Andrew R. Baker" <andrewb at ...950...>
To: Peter Schobel <drifter at ...7633...>
CC: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] alert_full won't create subdirectories for ip
when mysql logging is enabled
Peter Schobel wrote:
> I have been searching the lists and have found a few posts on this problem
> but couldn't find any posts that described a resolution.
> I am using
> output alert_full
> output alert_syslog: LOG_AUTH LOG_ALERT
> output database: log, mysql, user=user password=pass dbname=snortlogs
> As soon as I turn on the database output, the IP address subdirectories in
> /var/log/snort are not created; when the database logging is disabled,
> functionality returns to normal.
> I am starting snort with
> daemon /usr/sbin/snort-mysql -l /var/log/snort -D -p\
> -i $INTERFACE -c /etc/snort/snort.conf
If you are looking for the sub-directory output, you need to enable the
log_ascii output plugin. The reason you see them when you have the
database output plugin disabled is because log_ascii is the default
packet logging mechanism.
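
Added example (not part of the original thread and not Snort project code): a small Python check that reads the `output` directives of a snort.conf and reports whether the per-IP ASCII directories described above will still be written. The classification rule (plugins named `log_*`, and `database` with `log` as its first argument, attach to the log facility) and the function names are assumptions made for this illustration; command-line switches that change the logging mode are not considered.

```python
import re

# Constructed sample: the three output directives quoted in the post above.
SAMPLE_CONF = """\
output alert_full
output alert_syslog: LOG_AUTH LOG_ALERT
output database: log, mysql, user=user password=pass dbname=snortlogs
"""

OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*(?::\s*(.*))?$")


def parse_outputs(conf_text):
    """Return (plugin, args) for every non-commented 'output' directive."""
    outputs = []
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # commented-out directive
        m = OUTPUT_RE.match(line)
        if m:
            outputs.append((m.group(1), (m.group(2) or "").strip()))
    return outputs


def is_log_plugin(name, args):
    """Assumed rule: log_* plugins and 'database: log, ...' use the log facility."""
    if name.startswith("log_"):
        return True
    if name == "database":
        return args.split(",", 1)[0].strip().lower() == "log"
    return False


def check(conf_text):
    """Report configured log plugins and whether ASCII per-IP logging is active."""
    log_plugins = [n for n, a in parse_outputs(conf_text) if is_log_plugin(n, a)]
    # log_ascii runs if it is listed explicitly, or by default when no
    # other log-facility plugin has been configured.
    ascii_dirs = "log_ascii" in log_plugins or not log_plugins
    return {"log_plugins": log_plugins, "ascii_dirs": ascii_dirs}


if __name__ == "__main__":
    print("as posted:     ", check(SAMPLE_CONF))
    print("with log_ascii:", check(SAMPLE_CONF + "output log_ascii\n"))
```
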