[Snort-users] disable /var/log/snort logging

Nick White nwhite at ...9112...
Thu May 8 11:46:42 EDT 2003

Whenever I use -N and change my output line in snort.conf to alert, it
creates /var/log/snort/alert and continues to write alerts there.
(without packet information).

If possible, I'd like snort to _only_ log alerts (with packet
information) to mysql.  Another user suggested simply deleting the disk
logs, but even then, there is a lot of unnecessary overhead.

Basically what I'm trying to accomplish is this:
1. Log to mysql with full packet information for alerts. (done)
2. Not have snort write a lot of redundant data to the disk that already
exists in mysql.

Thanks for your kind suggestions.  Any further ideas?

-----Original Message-----
From: Bamm Visscher [mailto:bamm at ...539...] 
Sent: Thursday, May 08, 2003 5:57 AM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] disable /var/log/snort logging

Attach the database plugin to the 'alert' facility vice the 'log'
facility when using -N.
For example,

  output database: alert, postgresql, user=snort dbname=snort


  output database: log, postgresql, user=snort dbname=snort


On Wed, May 07, 2003 at 04:48:13PM -0700, Nick White wrote:
> You're right, the -N option turns off packet logging.  Sure it doesn't
> write to the disk, but it turns off packet logging within mysql as
> - not cool.  Surely there is a way to have snort log everything to
> (even packet logging), without dumping data to the hard drive.  I just
> can't figure out how.  I'm starting snort with -b (binary logging)
> option, which takes care of it crashing after a few minutes under a
> really heavy load.  Even still, logging to the disk is a total waste
> because I'll never do anything with the binary logs.

Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions

Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

More information about the Snort-users mailing list