[Snort-users] Problems with Snort 2.0rc4

Anderson Johnston andy at ...2878...
Wed Apr 9 15:27:03 EDT 2003

Before I bother the developers with my whining, I wanted to make sure
that I'm not missing something:

1.) I can't turn the logging option off.  Neither the -N argument in the
command line nor the "config nolog" in the configuration file seem to stop
directories named after IPs from being created in the logging directory.
All I want is the alert file.

Specifically, I want
	output alert_fast:  /usr/home/analyst/alert/alert


2.) If I don't specify a logging directory in the command line (-l
option), snort tries to use the default logging directory (which doesn't
exist) even though I've specified no logging.


I'm planning to look at unified logging next, but I want to get this stuff
sorted out for backward compatibility with my existing system.

					- Andy Johnston
** Andy Johnston (andy at ...2878...)          *            pager: 410-678-8949  **
** Manager of IT Security                 * PGP key:(afj2002) 4096/8448B056 **
** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A **
** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56 **

More information about the Snort-users mailing list