[Snort-users] HOW DOES ONE STOP an alert file from being Produced?

Martin Roesch roesch at ...1935...
Thu Mar 9 12:38:02 EST 2006

Hash: SHA1

Actually, -A none is supposed to disable all alerting output plugins,  
logging plugins should still run.

Looking at the code, it appears that spo_database is setting itself  
properly in terms of notifying the system that an alerting plugin is  
running.  I'll take a look and see if I can figure out why we're  
still getting an alert file.  IIRC I've heard about this one from  
time to time, maybe its an old bug that never got properly squashed.


On Mar 9, 2006, at 3:28 AM, Dirk Geschke wrote:

> Hi Marty,
>> To turn off alerting, use "-A none" at the command line.  To turn off
>> logging, you can use -N at the command line or add a "output
>> log_null" in the snort.conf file.
> yes, but "-A none" will also disable all output plugins. This is  
> sometimes
> not desired...
> Raymond wanted the output plugins enabaled but no files in /var/log/ 
> snort.
> This is what the '-Y' opion of the FLoP patch does....
> Best regards
> Dirk
> -------------------------------------------------------
> This SF.Net email is sponsored by xPML, a groundbreaking scripting  
> language
> that extends applications into web and mobile media. Attend the  
> live webcast
> and join the prime developer group breaking into this new coding  
> territory!
> http://sel.as-us.falkag.net/sel? 
> cmd=lnk&kid=110944&bid=241720&dat=121642
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users

- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org

Version: GnuPG v1.4.1 (Darwin)


More information about the Snort-users mailing list