Snort mailing list archives

problems with snort logging to both database and /var/log/snort


From: Erik Melander <Emelander () wyndham com>
Date: Thu, 25 Oct 2001 16:30:54 -0500

My environment consists of 2 machines: a sensor and an analyzer.  The sensor is running snort in packet sniffing mode and logging to a binary tcpdump file that every hour is pulled off the sensor from the analyzer via scp.  On the analyzer the binary tcpdump file is read in using the following syntax:

snort -c /etc/snort/sensor.snort.conf -r tcp.2001102515

I have configured my logging as such:

output alert_syslog: LOG_AUTH LOG_ALERT LOG_PID
output database: alert, mysql, user=XXXXXX password=XXXXXX dbname=snort host=localhost sensor_name=XXXXXX

While snort is properly logging to the database, it is also dumping data into the /var/log/snort directory in the form of IP address named sub-directories with alerts contained in said directories.  Is there a switch or a parameter in my snort.conf that I can use to prevent this extraneous logging?  Thanks!
