[Snort-users] Snort logging problem

Bright, Mark IT2 mbrigh at ...4252...
Fri Nov 21 07:18:04 EST 2003


I use "snort -c C:\Snort\Bin\Snort.conf -l C:\Snort\log -i1" on most of my
sensors. In snort.conf I specify to log to my remote MySQL database and it
works just fine. The -l switch doesn't override logging to a database, it
just logs in both places. I know it's just a workaround. I just stay on top
of all the alerts logged locally. I had the same issue you have but couldn't
come up with a definative answer. Hope this helps...

~Mark

IT2 Bright, Mark G., CCNA
Network Security Manager
USS Abraham Lincoln (CVN72)
mbrigh at ...4252...

"Life is easy... Eat, Sleep, Jeep."


-----Original Message-----
From: Damiano Bolzoni [mailto:damiano.bolzoni at ...1877...]
Sent: Friday, November 21, 2003 03:59
To: snort-users at lists.sourceforge.net
Subject: [Snort-users] Snort logging problem


Hi all,
I need to log Snort data to MySql. When I launch snort (under Windows XP) it
exits with an error because can't find a log directory (I use snort -de -c
C:\Ids\Snort\etc\snort.conf). In file "snort.conf" I specified that I want
to log on database and if I launch snort with -l option, logging to database
will be overriden.

How can I solve this problem?

Thanx
Damiano



-------------------------------------------------------
This SF.net email is sponsored by: SF.net Giveback Program.
Does SourceForge.net help you be more productive?  Does it
help you create better code?  SHARE THE LOVE, and help us help
YOU!  Click Here: http://sourceforge.net/donate/
_______________________________________________
Snort-users mailing list
Snort-users at lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users




More information about the Snort-users mailing list