Snort mailing list archives
Re: -l parameter
From: adam_peterson () splwg com
Date: Mon, 8 Dec 2003 16:17:01 -0800
I used -N as suggested and it solved my problem. The only files created are a 0 byte scan.log and a portscan.log that's > 0 bytes which I can deal with. I think that's because the portscan preprocessor has to log to a file for comparison. Adam Peterson | Senior WAN Engineer | SPL WorldGroup | adam_peterson () splwg com Chris Keladis <chris () cmc optus net au> 12/09/2003 11:12 AM ZE11 To: Dirk Geschke <Dirk () geschke-online de>, adam_peterson () splwg com cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] -l parameter At 10:27 PM 8/12/2003 +0100, Dirk Geschke wrote:
afford to log to disk. I have no output options logging locally. Just 1 line in snort.conf for output: output database: alert, mysql, user=zzz password=zzz dbname=zzz host=zzz sensor_name=zzzI guess all you need is the option "-N". You still need a log directory for snort but it won't be used. But all alerts will be send to the database via the output plugin.
Hrrmm.. I use -N and -l (that's L) with unified output, and i still get logs to the 'alert' file. I haven't looked into it, but it always had me wondering why? Regards, Chris.
Current thread:
- -l parameter adam_peterson (Dec 08)
- Re: -l parameter Dirk Geschke (Dec 08)
- Re: -l parameter Chris Keladis (Dec 08)
- RE: -l parameter Ed Callahan (Dec 09)
- <Possible follow-ups>
- Re: -l parameter adam_peterson (Dec 08)
- RE: -l parameter Michael Steele (Dec 08)
- Re: -l parameter adam_peterson (Dec 09)
- Re: -l parameter John Creegan (Dec 09)
- Re: -l parameter adam_peterson (Dec 09)
- Re: -l parameter twig les (Dec 09)
- RE: -l parameter Ed Callahan (Dec 09)
- Re: -l parameter Dirk Geschke (Dec 10)
- RE: -l parameter Antonio Costa (Dec 10)
- Re: -l parameter Dirk Geschke (Dec 08)