Snort mailing list archives

Re: no logging to disk


From: Geoff Galitz <galitz () uclink berkeley edu>
Date: Fri, 1 Nov 2002 13:03:51 -0800


On Thursday, October 31, 2002, at 07:33 PM, Andrew R. Baker wrote:

> galitz wrote:
>> G'day.
>> I am using the latest snort 1.9 and am having a little issue. I am logging to a remote MySQL database but I do not want any logging to disk at all. It is not clear if using the -N parameter will accomplish this. What is the correct way to do this?
>
> The -N flag turns off all packet logging, including any methods that you have specified in the config file. I am guessing that you want to use the Snort database plugin in "log" mode. If that is the case, try adding "-A none" to the command line to turn off all of the alerting plugins.


Hmm... well... more specifically at this time, my problem is thus:

I have the portscan2 preprocessor configured to run.
Ideally I'd like logging and alerting both running.
Events are showing up in the MySQL database just fine.
But... no matter what I do the portscan2 preprocessor (or
some other component) creates /var/snort/scan.log. I cannot
get it to stop creating entries on disk (using "-N" or "-A none" alternatively
both continue to create entries on disk in the /var/snort/scan.log
file).

-geoff



----------------------------------------------------
"Programming is still way too low-level," she said. "They still force the programmer to focus on the procedural details of making the machine work instead of the human intention of the problem to be solved."
       - Frances E Allen


