[Snort-users] HOW DOES ONE STOP an alert file from being Produced?

Martin Roesch roesch at ...1935...
Thu Mar 9 12:38:02 EST 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Actually, -A none is supposed to disable all alerting output plugins,  
logging plugins should still run.

Looking at the code, it appears that spo_database is setting itself  
properly in terms of notifying the system that an alerting plugin is  
running.  I'll take a look and see if I can figure out why we're  
still getting an alert file.  IIRC I've heard about this one from  
time to time, maybe its an old bug that never got properly squashed.

      -Marty

On Mar 9, 2006, at 3:28 AM, Dirk Geschke wrote:

> Hi Marty,
>
>> To turn off alerting, use "-A none" at the command line.  To turn off
>> logging, you can use -N at the command line or add a "output
>> log_null" in the snort.conf file.
>
> yes, but "-A none" will also disable all output plugins. This is  
> sometimes
> not desired...
>
> Raymond wanted the output plugins enabaled but no files in /var/log/ 
> snort.
>
> This is what the '-Y' opion of the FLoP patch does....
>
> Best regards
>
> Dirk
>
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting  
> language
> that extends applications into web and mobile media. Attend the  
> live webcast
> and join the prime developer group breaking into this new coding  
> territory!
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org




-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEEJH7qj0FAQQ3KOARApi0AJ97D+ONj2XuC97YMbT3SNJHVxpdJgCfXbXO
879T5xPYMxlBZgVFKrFhV/8=
=GrJo
-----END PGP SIGNATURE-----




More information about the Snort-users mailing list