RE: Can snort send alerts to the mysql database w/out ...output file?grep -i output /usr/local/etc/snort/snort.conf

["Jacob, Raymond A Jr" <raymond.jacob () navy mil>]

Try the option "-A none" which will disable all alerts but still
allows the "log" output plugin to work...

--- I now have a newly created snort.log.... binary file.
% ls -last
0 -rw------- 1 user group 0 Mar 11 14:52 snort.log.1142107064

-----Original Message-----
From: Dirk Geschke [mailto:dirk () geschke-online de]
Sent: Saturday, March 11, 2006 14:27
To: Jacob, Raymond A Jr
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Can snort send alerts to the mysql database
w/out ...output file?grep -i output /usr/local/etc/snort/snort.conf


Hi Raymond,

> output database: log, mysql, user=yyyyy dbname=snort password=xxxxxx host=snorthost sensor_name=ids01
> output database: log, mysql, user=yyyyy dbname=snort_archive password=xxxxxx host=snorthost sensor_name=ids01

you have only output plugins for the "log" facility. Therefore snort
will use the default for the "alert" facility which is writing of files
to /var/log/snort....

Try the option "-A none" which will disable all alerts but still
allows the "log" output plugin to work...

Best regards

Dirk


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid0944&bid$1720&dat1642
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users