Snort mailing list archives
Re: Disable local logging
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 11 Dec 2001 07:57:20 -0800 (PST)
On Tue, 11 Dec 2001, Frank Reid wrote:
Is there a way to disable local logging (to /var/log/snort) entirely, or does that break normal operations? (It may be something simple in snort.conf, but I can't find it.) On my active sensors, I've found the log directory fills up quickly to a point where Snort can no longer add directory entries. It may be unrelated, but it also appears Snort occasionally stops reporting upstream to the MySQL database under heavy traffic volume. The Snort process doesn't die on the sensor, so the demarc wrapper does not know to restart it.
Sounds like you need to use Barnyard. Grab the beta from http://www.snort.org/downloads/ (I don't have the full URL ATM, snort.org is flaked right now....). It's designed to handle DB logging when/if snort can't connect to the DB. No wrapper needed.... ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Bug in classification.config parsing? Poppi, Sandro (Dec 11)
- Disable local logging Frank Reid (Dec 11)
- Re: Disable local logging Guillaume (Dec 11)
- Re: Disable local logging Erek Adams (Dec 11)
- RE: Disable local logging Frank Reid (Dec 11)
- Re: Disable local logging Martin Roesch (Dec 11)
- RE: Disable local logging Frank Reid (Dec 11)
- RE: Disable local logging Frank Reid (Dec 12)
- RE: Disable local logging Frank Reid (Dec 13)
- Re: Disable local logging Martin Roesch (Dec 13)
- RE: Disable local logging Frank Reid (Dec 13)
- Disable local logging Frank Reid (Dec 11)
- RE: Disable local logging Frank Reid (Dec 11)