[Snort-users] disable /var/log/snort logging

L. Christopher Luther CLuther at ...6333...
Wed May 7 20:50:07 EDT 2003


Nick,  

Snort uses two output facilities - one for alerts and one for logs [0] (a
must read).  Your snort.conf only specifies an output facility for the
alerts, so I'm thinking that Snort therefore falls back to its 'default'
logging facility (i.e., /var/log).  



More information about the Snort-users mailing list