[Snort-users] -l parameter

adam_peterson at ...10608...
Mon Dec 8 16:18:00 EST 2003


I used -N as suggested and it solved my problem.  The only files created 
are a 0 byte scan.log and a portscan.log that's > 0 bytes which I can deal 
with.  I think that's because the portscan preprocessor has to log to a 
file for comparison.

Adam Peterson | Senior WAN Engineer | SPL WorldGroup | 
adam_peterson at ...10608...




Chris Keladis <chris at ...6400...>
12/09/2003 11:12 AM ZE11

 
        To:     Dirk Geschke <Dirk at ...10648...>, adam_peterson at ...10608...
        cc:     snort-users at lists.sourceforge.net
        Subject:        Re: [Snort-users] -l parameter


At 10:27 PM 8/12/2003 +0100, Dirk Geschke wrote:

> > afford to log to disk.  I have no output options logging locally.
> > Just 1 line in snort.conf for output:
> >
> > output database: alert, mysql, user=zzz password=zzz dbname=zzz
> > host=zzz sensor_name=zzz
>
>I guess all you need is the option "-N". You still need a log
>directory for snort but it won't be used. But all alerts will
>be sent to the database via the output plugin.

Hrrmm.. I use -N and -l (that's L) with unified output, and I still get 
logs to the 'alert' file.

I haven't looked into it, but it always had me wondering why?




Regards,

Chris.



