[Snort-users] Can snort send alerts to the mysql database w/out ...output file?grep -i output /usr/local/etc/snort/snort.conf

Jacob, Raymond A Jr raymond.jacob at ...7622...
Sat Mar 11 12:07:04 EST 2006


Try the option "-A none" which will disable all alerts but still
allows the "log" output plugin to work...

--- I now have a newly created snort.log.... binary file.
% ls -last
0 -rw------- 1 user group 0 Mar 11 14:52 snort.log.1142107064

-----Original Message-----
From: Dirk Geschke [mailto:dirk at ...10648...]
Sent: Saturday, March 11, 2006 14:27
To: Jacob, Raymond A Jr
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Can snort send alerts to the mysql database
w/out ...output file?grep -i output /usr/local/etc/snort/snort.conf


Hi Raymond,

> output database: log, mysql, user=yyyyy dbname=snort password=xxxxxx host=snorthost sensor_name=ids01
> output database: log, mysql, user=yyyyy dbname=snort_archive password=xxxxxx host=snorthost sensor_name=ids01

You have only output plugins for the "log" facility. Therefore snort
will use the default for the "alert" facility, which is writing files
to /var/log/snort....

Try the option "-A none" which will disable all alerts but still
allows the "log" output plugin to work...

Best regards

Dirk
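
The check described in the reply above, as an added example that is not part of the original thread: it lists which facility each `output` directive in a snort.conf attaches to and reports when nothing handles the "alert" facility. The function names and the sample text are constructed for illustration, and classifying plugins other than `database` by their `alert_`/`log_` name prefix is an assumption.

```python
import re

# Constructed sample: the two directives quoted in the thread, with the
# thread's own placeholder credentials.
SAMPLE_CONF = """\
# output plugins
output database: log, mysql, user=yyyyy dbname=snort password=xxxxxx host=snorthost sensor_name=ids01
output database: log, mysql, user=yyyyy dbname=snort_archive password=xxxxxx host=snorthost sensor_name=ids01
"""

# "output <plugin>" optionally followed by ": <arguments>"
OUTPUT_RE = re.compile(r"^\s*output\s+([A-Za-z0-9_]+)\s*(?::\s*(.*))?$")


def facilities(conf_text):
    """Return {"alert": [...], "log": [...]} naming the plugins on each facility."""
    found = {"alert": [], "log": []}
    for line in conf_text.splitlines():
        if line.lstrip().startswith("#"):
            continue  # whole-line comment
        m = OUTPUT_RE.match(line)
        if not m:
            continue
        plugin, args = m.group(1), (m.group(2) or "")
        if plugin == "database":
            # The first argument of the database plugin names the facility.
            facility = args.split(",", 1)[0].strip().lower()
        else:
            # Assumption: other plugins are classified by alert_/log_ prefix;
            # anything else is left out of the report.
            facility = plugin.split("_", 1)[0].lower()
        if facility in found:
            found[facility].append(plugin)
    return found


def check(conf_text, alert_mode=None):
    """alert_mode is the value given to snort's -A option, or None if unset."""
    fac = facilities(conf_text)
    if fac["alert"]:
        return "alert facility handled by: " + ", ".join(fac["alert"])
    if alert_mode == "none":
        return "alerts disabled with -A none; log plugins: " + ", ".join(fac["log"])
    return "no alert output plugin: snort falls back to default alert files"


if __name__ == "__main__":
    print(check(SAMPLE_CONF))          # configuration as posted
    print(check(SAMPLE_CONF, "none"))  # with the suggested -A none
```
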



