[Snort-users] Solved Can snort send alerts to the mysql database without writing an output file?

Jason security at ...5028...
Thu Mar 9 12:55:02 EST 2006


What is the output of grep -i output /usr/local/etc/snort/snort.conf? Or
can you send me your snort.conf?



Jacob, Raymond A Jr wrote:
> Question: Can snort send alerts to the mysql database without writing an
> output file?
> 
> Solutions that did not work:
> a) When I run the above command line without -A none and -K none I get
> alerts sent to ids database
> i.e. /usr/local/bin/snort -Dq -dev -o  -c /usr/local/etc/snort/snort.conf
> -i mi0 -u user -g group
> 
> b) When I run with the -A none I get the pcap files but no alerts sent
> to ids database.
> 
> c) -Y option in FLoP /* I don't have FLoP installed */
> 
> Solution that works:
>     /usr/local/bin/snort -Dq -de -o  -c /usr/local/etc/snort/snort.conf
> -i mi0 -u user -g group
>     sleep 2
>     rm /var/log/snort/alert
> 
> The previous snort administrator had this in his snort.sh file.
> No alert file is produced and logs are sent to the mysql database.
> 
> Question: Is there a switch that will not produce an alert file and
> still send alerts to
> the mysql database?
> Question: Does the commercial version of snort software have this Denial
> of Service bug?
> The denial of service is a result of running out of disk space on the
> sensor.
> This happened after a month when snort first was deployed a few years ago.
> 
> 
> Thank you for your help,
> Raymond
> 



