[Snort-users] Disable Snort logging to /var/log/snort
Andrew R. Baker
andrewb at ...950...
Mon Jan 6 05:20:02 EST 2003
Dirk Geschke wrote:
>>Snort keep logging to /var/log/snort even I have enable DB output
>>plugin, how can I stop snort from loggin to this directory??
> use the command line option -N:
> -N Turn off packet logging. The program still
> generates alerts normally.
A bit of qualification on this, this will work if you are using "output
database: alert ...". However, if you are using "output database: log
...", you will want to add "-A none" to the command line instead.
"-N" turns off packet logging output plugins, "-A none" turns of
alerting plugins". The database plugin can act as either alerting or
logging. Also, alert information is available to the packet logging
output plugins, so you can still get alerts with "-A none" (depending on
which output plugins you use).
More information about the Snort-users