Snort mailing list archives

Snort insists on writing to .\log\alert.ids


From: Mark Senior <senatorfrog () gmail com>
Date: Thu, 21 May 2009 11:58:57 -0600

Hello group

I've got Snort running successfully on Windows, logging to MS-SQL. The
problem is that it insists on writing to .\log\alert.ids - no matter
what the configuration file says, as near as I can make out.

If I remove or rename the Snort\log directory, or start with a current
directory other than the root of Snort's installation, I get the
error:

ERROR: OpenAlertFile() => fopen() alert file log/alert.ids: No such
file or directory

There is no output directive in the configuration file that would
point Snort to write to a file.  I want to avoid filling up the
sensor's disk - that's part of why I'm sending alerts to a database
server in the first place.  My only output directive is:

output database: alert, mssql, dbname=snort \
user=(username) password=(password) \
host=(database server) \
sensorname=(sensor) \
detail=fast

I haven't tried installing Snort as a service yet. It's looking for a
log file relative to the current working directory, which hardly seems
a healthy behaviour for a service...

Thanks very much
Mark
