Snort mailing list archives
SQL logging + ACID
From: francisv () dagupan com
Date: Wed, 11 Sep 2002 09:13:45 +0800
Hi,

I've configured snort to run with the following parameters:

    snort -D -N -k none -o -c /usr/local/etc/snort.conf

-N is supposed to turn off packet logging and now I don't see any 'alert' file in /var/log/snort -- this is good.

Snort is also configured to log alerts to MySQL:

    output database: alert, mysql, user=user password=passwd dbname=db \
        host=localhost

Now, I'm getting this log in ACID:

    #0-(1-1) spp_anomsensor: Anomaly threshold exceeded: 12.6369 2002-09-11 08:53:56 151.189.24.18:49311 202.91.160.110:113 TCP

Which normally didn't show up without the "-N" and with "output database: log, mysql" option.

I don't want this logging behavior since it will obviously flood my db; I only want to log alerts but removing "-N" fills up disk space too because of /var/log/snort/alert.

What should be my configuration?

---
francis a. vidal [bitstop network services] | http://www.bitstop.ph
streaming media + web hosting | http://www.keystone.ph
v(02)330-2871,(02)330-2872; f(02)330-2873 | http://www.kuro.ph