Snort mailing list archives
RE: disable /var/log/snort logging
From: "Nick White" <nwhite () avidbio com>
Date: Wed, 7 May 2003 16:48:13 -0700
You're right, the -N option turns off packet logging. Sure it doesn't write to the disk, but it turns off packet logging within mysql as well - not cool. Surely there is a way to have snort log everything to mysql (even packet logging), without dumping data to the hard drive. I just can't figure out how.

I'm starting snort with -b (binary logging) option, which takes care of it crashing after a few minutes under a really heavy load. Even still, logging to the disk is a total waste because I'll never do anything with the binary logs.

-----Original Message-----
From: Anderson Johnston [mailto:andy () umbc edu]
Sent: Tuesday, May 06, 2003 3:36 PM
To: Nick White
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] disable /var/log/snort logging

The -N option should suppress logging (while allowing alerts). Caveats:

1. I don't know if it will stop logs to mysql, too.
2. The option doesn't seem to be working on my system (Solaris 8) under Snort 2.0.

- Andy

On Tue, 6 May 2003, Nick White wrote:
Hi All,

I'm fairly new with snort, so go easy on me. I'm running snort and logging to mysql just fine. The problem is, it's also logging to /var/log/snort. I need to figure out how to disable this logging to disk. I've looked at all the switches, and I can't seem to figure it out. I tried -A none, but then it stopped alerting to mysql. I also tried -l /dev/null, but it didn't like that one.

Snort starts as a service via:

    /usr/local/bin/snort -u snort -g snort -d -D -c /etc/snort/snort.conf

In snort.conf, I log to mysql with:

    output database: alert, mysql, user=snortusr password=fakepass dbname=snort host=localhost

I'm trying to kill snort with as much data as I can throw at it, and it always dies after a few minutes with:

    May 6 14:54:34 localhost snort: FATAL ERROR: OpenLogFile() => fopen(/var/log/snort/10.10.1.30/UDP:138-138) log file: Not a directory

But I KNOW that the snort user has full permission to /var/log/snort. But I don't need logging to disk. It's a waste. I only want it to log to mysql.

Thanks for your help!

- nick white

-------------------------------------------------------
Enterprise Linux Forum Conference & Expo, June 4-6, 2003, Santa Clara
The only event dedicated to issues related to Linux enterprise solutions
www.enterpriselinuxforum.com
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list
------------------------------------------------------------------------------
** Andy Johnston (andy () umbc edu)          * pager: 410-678-8949              **
** Manager of IT Security                   * PGP key:(afj2002) 4096/8448B056  **
** Office of Information Technology, UMBC   * 4A B4 96 64 D9 B6 EF E3 21 9A    **
** 410-455-2583 (v)/410-455-1065 (f)        * 46 1A 37 11 F5 6C 84 48 B0 56    **
------------------------------------------------------------------------------