[Snort-users] snort-1.8.7 and alert file
Andrew R. Baker
andrewb at ...950...
Tue Jul 30 08:36:03 EDT 2002
bthaler at ...2720... wrote:
> OK. Now my snort.conf has this:
> output log_null
> output log_unified: filename snort.log, limit 128
> And logging is back, but so is the alert file. Sorry if I'm missing something really basic here.
> As far as my network utilization, I'm using about 30Mbit of a 45Mbit pipe.
get rid of the log_null and the "-N" on the commandline. Instead add
"-A none" to your commandline to turn off the alerting. The unified log
file will contain the alert data *and* the packet logs.
More information about the Snort-users