[Snort-users] Re: Log vs Alert

John Deagan johndeaganaka at ...125...
Thu Jun 26 15:03:19 EDT 2003


I tried this line:
./snort -c /usr/local/share/snort/snort.conf -N -A none -r /tmp/trace2
and nothing was logged into the database.  I know there is a way to stick
stuff in the database without that damn /var/log/snort/alert.

Using only -A none stores a bunch of junk in /var/log/snort that is just as
bad as the alert, and -N stores nothing in the database at all.

<<< John >>>
>From: SRH-Lists <giermo at ...8381...>
>To: 'John Deagan' <johndeaganaka at ...125...>, 
>snort-users at lists.sourceforge.net
>Subject: RE: [Snort-users] Re: Log vs Alert
>Date: Thu, 26 Jun 2003 15:27:09 -0500
>
> > How about this?  I want to write alerts to the database but
> > nothing at all in text.
> >
> > output database: alert, mysql, user= password= dbname= host=
> > output log_null
> >
> > This will make it so I don't have to worry about that damn
> > /var/log/snort/alert file.  But this
> >
> > output database: log, mysql, user= password= dbname= host=
> > output log_null
> >
> > doesn't seem to work: /var/log/snort/alert still appears and
> > gets big and slows down snort.  Why does this work for
> > output database: alert but not output database: log?
> >
>
>Add a -A none to your command line and bye-bye /var/log/snort/alert.
>
>
>-steve
