[Snort-users] Disable Snort logging to /var/log/snort

Andrew R. Baker andrewb at ...950...
Mon Jan 6 05:20:02 EST 2003


Dirk Geschke wrote:
> Hi,
> 
> 
>>Snort keep logging to /var/log/snort even I have enable DB output
>>plugin, how can I stop snort from loggin to this directory??
> 
> 
> use the command line option -N:
> 
>  -N     Turn  off  packet  logging.   The   program   still
>         generates alerts normally.

A bit of qualification on this, this will work if you are using "output 
database: alert ...".  However, if you are using "output database: log 
...", you will want to add "-A none" to the command line instead.

"-N" turns off packet logging output plugins, "-A none" turns of 
alerting plugins".  The database plugin can act as either alerting or 
logging.  Also, alert information is available to the packet logging 
output plugins, so you can still get alerts with "-A none" (depending on 
which output plugins you use).

-A







More information about the Snort-users mailing list