Snort mailing list archives
RE: Disable local logging
From: "Frank Reid" <fcreid () ourcorner org>
Date: Tue, 11 Dec 2001 11:16:20 -0500
Thanks. I'd read about Barnyard on the list periodically, but haven't played with it yet. As soon as snort.org is back online, I'll snag it and have a look. I'm guessing it uses the same db schema as Snort, so it's compatible with both ACID and demarc on the management console? Also, I wonder if it will integrate fully with demarc if I disable the database preprocessor on the sensors. Frank -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net]On Behalf Of Erek Adams Sent: Tuesday, December 11, 2001 10:57 AM To: Frank Reid Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] Disable local logging On Tue, 11 Dec 2001, Frank Reid wrote:
Is there a way to disable local logging (to /var/log/snort) entirely, or does that break normal operations? (It may be something simple in snort.conf, but I can't find it.) On my active sensors, I've found the
log
directory fills up quickly to a point where Snort can no longer add directory entries. It may be unrelated, but it also appears Snort occasionally stops reporting upstream to the MySQL database under heavy traffic volume. The Snort process doesn't die on the sensor, so the
demarc
wrapper does not know to restart it.
Sounds like you need to use Barnyard. Grab the beta from http://www.snort.org/downloads/ (I don't have the full URL ATM, snort.org is flaked right now....). It's designed to handle DB logging when/if snort can't connect to the DB. No wrapper needed.... ----- Erek Adams Nifty-Type-Guy TheAdamsFamily.Net _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Bug in classification.config parsing? Poppi, Sandro (Dec 11)
- Disable local logging Frank Reid (Dec 11)
- Re: Disable local logging Guillaume (Dec 11)
- Re: Disable local logging Erek Adams (Dec 11)
- RE: Disable local logging Frank Reid (Dec 11)
- Re: Disable local logging Martin Roesch (Dec 11)
- RE: Disable local logging Frank Reid (Dec 11)
- RE: Disable local logging Frank Reid (Dec 12)
- RE: Disable local logging Frank Reid (Dec 13)
- Re: Disable local logging Martin Roesch (Dec 13)
- RE: Disable local logging Frank Reid (Dec 13)
- Disable local logging Frank Reid (Dec 11)
- RE: Disable local logging Frank Reid (Dec 11)