[Snort-users] snort-1.8.7 and alert file

Andrew R. Baker andrewb at ...950...
Tue Jul 30 08:36:03 EDT 2002


bthaler at ...2720... wrote:
> OK.  Now my snort.conf has this:
> 
> output log_null
> output log_unified: filename snort.log, limit 128
> 
> And logging is back, but so is the alert file.  Sorry if I'm missing something really basic here.
> 
> As far as my network utilization, I'm using about 30Mbit of a 45Mbit pipe.

get rid of the log_null and the "-N" on the commandline.  Instead add 
"-A none" to your commandline to turn off the alerting.  The unified log 
file will contain the alert data *and* the packet logs.

-A





More information about the Snort-users mailing list