Snort mailing list archives

Re: -l parameter

From: Chris Keladis <chris () cmc optus net au>
Date: Tue, 09 Dec 2003 11:12:15 +1100

At 10:27 PM 8/12/2003 +0100, Dirk Geschke wrote:

> afford to log to disk.  I have no output options logging locally.
> Just 1 line in snort.conf for output:
>
> output database: alert, mysql, user=zzz password=zzz dbname=zzz
> host=zzz sensor_name=zzz

I guess all you need is the option "-N". You still need a log
directory for snort but it won't be used. But all alerts will
be send to the database via the output plugin.

Hrrmm.. I use -N and -l (that's L) with unified output, and i still getlogs to the 'alert' file.


I haven't looked into it, but it always had me wondering why?




Regards,

Chris.




-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id=1278&alloc_id=3371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Current thread:

-l parameter adam_peterson (Dec 08)
- Re: -l parameter Dirk Geschke (Dec 08)
  - Re: -l parameter Chris Keladis (Dec 08)
- RE: -l parameter Ed Callahan (Dec 09)
- <Possible follow-ups>
- Re: -l parameter adam_peterson (Dec 08)
  - RE: -l parameter Michael Steele (Dec 08)
- Re: -l parameter adam_peterson (Dec 09)
- Re: -l parameter John Creegan (Dec 09)
- Re: -l parameter adam_peterson (Dec 09)
  - Re: -l parameter twig les (Dec 09)
  - RE: -l parameter Ed Callahan (Dec 09)
    - Re: -l parameter Dirk Geschke (Dec 10)
    - RE: -l parameter Antonio Costa (Dec 10)