Snort mailing list archives

RE: Re: Log vs Alert


From: "John Deagan" <johndeaganaka () hotmail com>
Date: Thu, 26 Jun 2003 21:55:34 +0000

I tried this line:
./snort -c /usr/local/share/snort/snort.conf -N -A none -r /tmp/trace2
and nothing was logged into the database. I know there is a way to stick stuff in the database without that damn /var/log/snort/alert

Using only -A none stores a bunch of junk in /var/log/snort that is just as bad as the alert
and -N stores nothing in the database at all

<<< John >>>
From: SRH-Lists <giermo () 333tech com>
To: 'John Deagan' <johndeaganaka () hotmail com>, snort-users () lists sourceforge net
Subject: RE: [Snort-users] Re: Log vs Alert
Date: Thu, 26 Jun 2003 15:27:09 -0500

> How about this? I want to write alerts to the database but nothing at all in text.
>
> output database: alert, mysql, user= password= dbname= host=
> output log_null
>
> This will make it so I don't have to worry about that damn /var/log/snort/alert file. But this
> output database: log, mysql, user= password= dbname= host=
> output log_null
>
> Doesn't seem to work, /var/log/snort/alert still appears and gets big and slows down snort. Why does this work for output database: alert but not database: log?
>

add a -A none to your commandline and bye bye /var/log/snort/alert.


-steve
