[Snort-users] -l parameter

Michael Steele michaels at ...9077...
Mon Dec 8 20:03:29 EST 2003


Adam,

You just placed all your marbles into one pot. If you lose your database
you lose it all. At least with the log you could populate the database if
it got corrupted.

I don't suggest anyone do this, especially in a production environment. If
you don't have enough room for the log file, then get a few more megs of
storage space.

Kindest regards,

The WINSNORT.com Management Team
--
Pick up your FREE Windows or UNIX Snort installation guides      
mailto:support at ...9077...
Website: http://www.winsnort.com
Snort: Open Source Network IDS - http://www.snort.org
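To illustrate the point above against the setup quoted below, here is an added snort.conf output section (not from this thread or the Snort project; it assumes Snort 2.x output plugin syntax and reuses the zzz placeholders from Adam's configuration): the database-only setting beside a variant that keeps a local unified log as well, so the database can be repopulated from disk if it is lost.

```conf
# Added example: Snort 2.x "output" section (placeholders copied from the thread).

# Setting discussed in the thread: alerts go to MySQL and nowhere else.
# If the database is lost or corrupted, the alert history goes with it.
#output database: alert, mysql, user=zzz password=zzz dbname=zzz host=zzz sensor_name=zzz

# Alternative: keep the database output AND a local unified log.
# The unified files land in the directory given with -l (that's L) and are
# rotated once they reach the "limit" size in megabytes; a tool such as
# Barnyard can replay them into the database later.
output database: alert, mysql, user=zzz password=zzz dbname=zzz host=zzz sensor_name=zzz
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
```

Size the -l directory for the rotated files rather than dropping disk logging to save space.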



  _____  

From: snort-users-admin at lists.sourceforge.net
[mailto:snort-users-admin at lists.sourceforge.net] On Behalf Of
adam_peterson at ...10608...
Sent: Monday, December 08, 2003 4:17 PM
To: Chris Keladis
Cc: Dirk Geschke; snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] -l parameter

I used -N as suggested and it solved my problem.  The only files created are
a 0 byte scan.log and a portscan.log that's > 0 bytes which I can deal with.
I think that's because the portscan preprocessor has to log to a file for
comparison.

Adam Peterson | Senior WAN Engineer | SPL WorldGroup |
adam_peterson at ...10608... 

Chris Keladis <chris at ...6400...>
12/09/2003 11:12 AM ZE11

To: Dirk Geschke <Dirk at ...10648...>, adam_peterson at ...10608...
cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] -l parameter




At 10:27 PM 8/12/2003 +0100, Dirk Geschke wrote:

> > afford to log to disk.  I have no output options logging locally.
> > Just 1 line in snort.conf for output:
> >
> > output database: alert, mysql, user=zzz password=zzz dbname=zzz
> > host=zzz sensor_name=zzz
>
>I guess all you need is the option "-N". You still need a log
>directory for snort but it won't be used. But all alerts will
>be sent to the database via the output plugin.

Hrrmm.. I use -N and -l (that's L) with unified output, and I still get
logs to the 'alert' file.

I haven't looked into it, but it always had me wondering why?




Regards,

Chris.




