Snort mailing list archives

SQL logging + ACID


From: francisv () dagupan com
Date: Wed, 11 Sep 2002 09:13:45 +0800

Hi,

I've configured snort to run with the following parameters:

        snort -D -N -k none -o -c /usr/local/etc/snort.conf

-N is supposed to turn off packet logging and now I don't see any 'alert'
file in /var/log/snort -- this is good. Snort is also configured to log
alerts to MySQL:

        output database: alert, mysql, user=user password=passwd dbname=db \
        host=localhost

Now, I'm getting this log in ACID:

        #0-(1-1)  spp_anomsensor: Anomaly threshold exceeded: 12.6369  2002-09-11 08:53:56  151.189.24.18:49311  202.91.160.110:113  TCP

This normally didn't show up without "-N" and with the "output database:
log, mysql" option. I don't want this logging behavior since it will
obviously flood my db; I only want to log alerts, but removing "-N" fills up
disk space too because of /var/log/snort/alert. What should my
configuration be?

---
 francis a. vidal [bitstop network services] | http://www.bitstop.ph
 streaming media + web hosting               | http://www.keystone.ph
 v(02)330-2871,(02)330-2872; f(02)330-2873   | http://www.kuro.ph 
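The question above comes down to which Snort output plugins are configured and whether the database plugin is fed the `alert` or the `log` facility. The following script is an added example, not code from the post or from the Snort project: it parses the `output` directives of a snort.conf fragment (handling the backslash line continuation used in the post) and reports which facility reaches the database plugin and which file-based alert/log writers are active, so an administrator can audit the configuration before restarting the sensor. The config text is constructed for the example; the assumption that only the `database` plugin takes an `alert,`/`log,` facility prefix is mine.

```python
import re

# Constructed snort.conf fragment modelled on the output lines quoted in the
# post; not a real deployment.
SAMPLE_CONF = """\
# constructed example, not a real deployment
output database: alert, mysql, user=user password=passwd dbname=db \\
        host=localhost
output alert_fast: alert
output log_tcpdump: tcpdump.log
"""

# Constructed variant with the database plugin on the 'log' facility, the
# setting the post says flooded the database.
LOG_TO_DB_CONF = """\
output database: log, mysql, user=user password=passwd dbname=db host=localhost
"""


def join_continuations(text):
    """Join a line ending in a backslash with the following line, as Snort does."""
    return re.sub(r"\s*\\\n\s*", " ", text)


def parse_output_lines(text):
    """Return (plugin, facility, args) for each 'output' directive.

    facility is 'alert', 'log' or None. Assumption: only the database plugin
    takes a leading 'alert,' / 'log,' facility; other plugins' first argument
    is plugin-specific (e.g. a filename), so it is left in args untouched.
    """
    entries = []
    for line in join_continuations(text).splitlines():
        line = line.split("#", 1)[0].strip()          # drop comments
        m = re.match(r"output\s+(\w+)\s*:\s*(.*)$", line)
        if not m:
            continue
        plugin, args = m.group(1), m.group(2).strip()
        facility = None
        if plugin == "database":
            fm = re.match(r"(alert|log)\s*,\s*(.*)$", args)
            if fm:
                facility, args = fm.group(1), fm.group(2).strip()
        entries.append((plugin, facility, args))
    return entries


def audit_conf(text):
    """Return human-readable findings about where alerts and packets are written.

    Flags a database plugin on the 'log' facility (every packet matching a log
    rule is inserted, not just alerts) and any file-based alert_*/log_* writer,
    which is what fills /var/log/snort in the scenario described in the post.
    """
    findings = []
    for plugin, facility, args in parse_output_lines(text):
        if plugin == "database" and facility == "log":
            findings.append(
                f"database plugin receives 'log' facility ({args}): "
                "every logged packet goes to the DB")
        elif plugin.startswith("log_"):
            findings.append(f"file packet logger {plugin} active ({args})")
        elif plugin.startswith("alert_"):
            findings.append(f"file alert writer {plugin} active ({args})")
    return findings


if __name__ == "__main__":
    for name, conf in (("SAMPLE_CONF", SAMPLE_CONF), ("LOG_TO_DB_CONF", LOG_TO_DB_CONF)):
        print(f"== {name}")
        for entry in parse_output_lines(conf):
            print("  output:", entry)
        for finding in audit_conf(conf):
            print("  finding:", finding)
```

Run it against the real snort.conf (`audit_conf(open("/usr/local/etc/snort.conf").read())`) to see in one place whether the database plugin is on `alert` and which file writers would still be producing output on disk.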
