Snort mailing list archives
Re: no logging to disk
From: "Andrew R. Baker" <andrewb () snort org>
Date: Fri, 01 Nov 2002 16:21:56 -0500
Geoff Galitz wrote:
> On Thursday, October 31, 2002, at 07:33 PM, Andrew R. Baker wrote:
>> galitz wrote:
>>> G'day. I am using the latest snort 1.9 and am having a little issue. I am logging to a remote MySQL database but I do not want any logging to disk at all. It is not clear if using the -N parameter will accomplish this. What is the correct way to do this?
>>
>> The -N flag turns off all packet logging, including any methods that you have specified in the config file. I am guessing that you want to use the Snort database plugin in "log" mode. If that is the case, try adding "-A none" to the command line to turn off all of the alerting plugins.
>
> Hmm... well... more specifically at this time, my problem is thus: I have the portscan2 preprocessor configured to run. Ideally I'd like logging and alerting both running. Events are showing up in the MySQL database just fine. But... no matter what I do the portscan2 preprocessor (or some other component) creates /var/snort/scan.log. I cannot get it to stop creating entries on disk (using "-N" or "-A none" alternatively both continue to create entries on disk in the /var/snort/scan.log file).

Well, that is a shortcoming of the portscan2 preprocessor. Like the earlier portscan preprocessor, the portscan2 preprocessor generates its own logs independent of the standard Snort output system. The only way you can prevent it from generating the scan.log file is to turn off the preprocessor in the config file or edit the code so that it does not generate the file.

-A