[Snort-users] disable /var/log/snort logging
nwhite at ...9112...
Thu May 8 09:11:07 EDT 2003
Thanks LCL for your suggestions and documentation references. I now
better understand how snort treats alerts versus logs. I've tried your
suggestion with the following line in my snort.conf:
output database: alert, mysql, log_null, user=snortusr password=fakepass
But it's still alerting to /var/log/snort. Whenever I use the -N option
to start snort, it still alerts, but doesn't log any of the packet data.
Snort is starting with -u snort -g snort -d -D -b -c
/etc/snort/snort.conf. I've tried removing -b, but it still alerts to
disk. Any other suggestions that I can try?
From: L. Christopher Luther [mailto:CLuther at ...6333...]
Sent: Wednesday, May 07, 2003 8:49 PM
To: Nick White
Cc: snort-users at lists.sourceforge.net
Subject: RE: [Snort-users] disable /var/log/snort logging
Snort uses two output facilities - one for alerts and one for logs 
must read). Your snort.conf only specifies an output facility for the
alerts, so I'm thinking that Snort therefore falls back to its 'default'
logging facility (i.e., /var/log).