[Snort-users] -l parameter

Dirk Geschke Dirk at ...10648...
Mon Dec 8 13:28:03 EST 2003


Hi Adam,

> Is the -l (that's an L) parameter required?  I log to a db so I don't
> want to log to disk but for some reason, whether I use the -l
> parameter or not, Snort is "detecting" my previously specified log
> directory and writing to disk.  My disk isn't very big so I can't
> afford to log to disk.  I have no output options logging locally.
> Just 1 line in snort.conf for output:
> 
> output database: alert, mysql, user=zzz password=zzz dbname=zzz
> host=zzz sensor_name=zzz

I guess all you need is the option "-N". You still need a log 
directory for snort but it won't be used. But all alerts will 
be send to the database via the output plugin.

Best regards

Dirk





More information about the Snort-users mailing list