[Snort-users] Re: Log vs Alert

John Deagan johndeaganaka at ...125...
Thu Jun 26 14:02:06 EDT 2003


Won't that stop me from sending alerts to the database as well?  I thought I
read that somewhere.  Same with the -N
<<< John >>>


>From: SRH-Lists <giermo at ...8381...>
>To: 'John Deagan' <johndeaganaka at ...125...>, 
>snort-users at lists.sourceforge.net
>Subject: RE: [Snort-users] Re: Log vs Alert
>Date: Thu, 26 Jun 2003 15:27:09 -0500
>
> > How about this?  I want to write alerts to the database but
> > nothing at all
> > in text.
> >
> > output database: alert, mysql, user= password= dbname= host=
> > output log_null
> >
> > This will make it so I don't have to worry about that damn
> > /var/log/snort/alert file.  But this
> > output database: log, mysql, user= password= dbname= host=
> > output log_null
> >
> > Doesn't seem to work, /var/log/snort/alert still appears and
> > gets big and
> > slows down snort.  Why does this work for output database:
> > alert but not
> > database: log?
> >
>
>add a -A none to your commandline and bye bye /var/log/snort/alert.
>
>
>-steve
