Snort mailing list archives
RE: Snort logging problem
From: "Bright, Mark IT2" <mbrigh () lincoln navy mil>
Date: Fri, 21 Nov 2003 07:16:30 -0800
I use "snort -c C:\Snort\Bin\Snort.conf -l C:\Snort\log -i1" on most of my sensors. In snort.conf I specify to log to my remote MySQL database and it works just fine. The -l switch doesn't override logging to a database, it just logs in both places. I know it's just a workaround. I just stay on top of all the alerts logged locally. I had the same issue you have but couldn't come up with a definative answer. Hope this helps... ~Mark IT2 Bright, Mark G., CCNA Network Security Manager USS Abraham Lincoln (CVN72) mbrigh () lincoln navy mil "Life is easy... Eat, Sleep, Jeep." -----Original Message----- From: Damiano Bolzoni [mailto:damiano.bolzoni () tin it] Sent: Friday, November 21, 2003 03:59 To: snort-users () lists sourceforge net Subject: [Snort-users] Snort logging problem Hi all, I need to log Snort data to MySql. When I launch snort (under Windows XP) it exits with an error because can't find a log directory (I use snort -de -c C:\Ids\Snort\etc\snort.conf). In file "snort.conf" I specified that I want to log on database and if I launch snort with -l option, logging to database will be overriden. How can I solve this problem? Thanx Damiano ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users ------------------------------------------------------- This SF.net email is sponsored by: SF.net Giveback Program. Does SourceForge.net help you be more productive? Does it help you create better code? SHARE THE LOVE, and help us help YOU! Click Here: http://sourceforge.net/donate/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Snort logging problem Damiano Bolzoni (Nov 21)
- <Possible follow-ups>
- RE: Snort logging problem Bright, Mark IT2 (Nov 21)