[Snort-users] HOW DOES ONE STOP an alert file from being Produced?
roesch at ...1935...
Thu Mar 9 12:38:02 EST 2006
Actually, -A none is supposed to disable all alerting output plugins;
logging plugins should still run.
Looking at the code, it appears that spo_database is setting itself
properly in terms of notifying the system that an alerting plugin is
running. I'll take a look and see if I can figure out why we're
still getting an alert file. IIRC I've heard about this one from
time to time, maybe it's an old bug that never got properly squashed.
On Mar 9, 2006, at 3:28 AM, Dirk Geschke wrote:
> Hi Marty,
>> To turn off alerting, use "-A none" at the command line. To turn off
>> logging, you can use -N at the command line or add a "output
>> log_null" in the snort.conf file.
> yes, but "-A none" will also disable all output plugins. This is
> not desired...
> Raymond wanted the output plugins enabled but no files in /var/log/
> This is what the '-Y' option of the FLoP patch does....
> Best regards
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org