Snort mailing list archives

RE: -l parameter


From: "Ed Callahan" <snort () edcallahan com>
Date: Tue, 9 Dec 2003 11:54:41 -0600

Adam -

On my win32 installation this is what worked to avoid any logging files at
all: In my snort.conf these two output commands:

output database: alert, mssql, dbname=snort user=*** password=*** host=***
output log_null

and command line

snort -c c:\snort\etc\snort.conf -l c:\snort\log

The -l is required and the c:\snort\log directory must exist, but it is
empty.

The output log_null is the non-obvious part (to me at least).

Ed Callahan
snort () edcallahan com


-----Original Message-----
From: snort-users-admin () lists sourceforge net
[mailto:snort-users-admin () lists sourceforge net]On Behalf Of
adam_peterson () splwg com
Sent: Monday, December 08, 2003 1:23 PM
To: snort-users () lists sourceforge net
Subject: [Snort-users] -l parameter

Is the -l (that's an L) parameter required?  I log to a db so I don't want
to log to disk but for some reason, whether I use the -l parameter or not,
Snort is "detecting" my previously specified log directory and writing to
disk.  My disk isn't very big so I can't afford to log to disk.  I have no
output options logging locally.  Just 1 line in snort.conf for output:

output database: alert, mysql, user=zzz password=zzz dbname=zzz host=zzz
sensor_name=zzz

Adam Peterson | Senior WAN Engineer | SPL WorldGroup |
adam_peterson () splwg com | +1.415.357.4787
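
The setup reported in the reply above can be checked before starting a sensor. This is an added example, not part of either message and not Snort code: the function names `parse_outputs` and `preflight` and both sample configs are constructed, and the checks encode only what the reply reports for its win32 install (a `database` output plus `output log_null`, with `-l` pointing at an existing directory that stays empty).

```python
import os
import tempfile

# Constructed sample configs modelled on the two messages (credentials are placeholders).
QUESTION_CONF = "output database: alert, mysql, user=zzz password=zzz dbname=zzz host=zzz\n"
REPLY_CONF = (
    "# constructed sample\n"
    "output database: alert, mssql, dbname=snort user=zzz password=zzz host=zzz\n"
    "output log_null\n"
)

def parse_outputs(conf_text):
    """Return (plugin, args) for each active 'output' directive in snort.conf text."""
    outputs = []
    for raw in conf_text.replace("\\\n", " ").splitlines():  # join continued lines
        line = raw.strip()
        if line.startswith("#") or not line.startswith("output"):
            continue
        rest = line[len("output"):]
        if rest[:1] not in (" ", "\t"):
            continue  # a different keyword that merely begins with "output"
        plugin, _, args = rest.strip().partition(":")
        outputs.append((plugin.strip(), args.strip()))
    return outputs

def preflight(conf_text, log_dir):
    """List deviations from the no-local-logging setup described in the reply."""
    plugins = [name for name, _ in parse_outputs(conf_text)]
    problems = []
    if "database" not in plugins:
        problems.append("no 'output database' directive")
    if "log_null" not in plugins:
        problems.append("no 'output log_null' directive")
    if not log_dir:
        problems.append("-l <dir> missing from the command line")
    elif not os.path.isdir(log_dir):
        problems.append("log directory does not exist: " + log_dir)
    elif os.listdir(log_dir):
        problems.append("log directory is not empty: " + log_dir)
    return problems

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as empty_dir:
        print("question config:", preflight(QUESTION_CONF, empty_dir))
        print("reply config:   ", preflight(REPLY_CONF, empty_dir))
```

Running the same check against the log directory after the sensor has been up for a while shows whether anything is still being written to disk.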


