[Snort-users] disable /var/log/snort logging

Bamm Visscher bamm at ...539...
Thu May 8 06:12:09 EDT 2003


Attach the database plugin to the 'alert' facility vice the 'log' facility when using -N.
 
For example,

  output database: alert, postgresql, user=snort dbname=snort

vs.

  output database: log, postgresql, user=snort dbname=snort


Bamm

On Wed, May 07, 2003 at 04:48:13PM -0700, Nick White wrote:
> You're right, the -N option turns off packet logging.  Sure it doesn't
> write to the disk, but it turns off packet logging within mysql as well
> - not cool.  Surely there is a way to have snort log everything to mysql
> (even packet logging), without dumping data to the hard drive.  I just
> can't figure out how.  I'm starting snort with -b (binary logging)
> option, which takes care of it crashing after a few minutes under a
> really heavy load.  Even still, logging to the disk is a total waste
> because I'll never do anything with the binary logs.
> 



