Pantek Library

[Snort-sigs] disable /var/log/snort logging

From: Nick White <nwhite(at)avidbio.com>
Date: Wed May 07 2003 - 14:25:45 EDT


(reposting from snort-users)

Hi All,
I'm fairly new with snort, so go easy on me. I'm running snort and logging to mysql just fine. The problem is, it's also logging to /var/log/snort. I need to figure out how to disable this logging to disk. I've looked at all the switches, and I can't seem to figure it out. I tried -A none, but then it stopped alerting to mysql. I also tried -l /dev/null, but it didn't like that one.

Snort starts as a service via:
/usr/local/bin/snort -u snort -g snort -d -D -c /etc/snort/snort.conf

In snort.conf, I log to mysql with:
output database: alert, mysql, user=snortusr password=fakepass dbname=snort host=localhost

I'm trying to kill snort with as much data as I can throw at it, and it always dies after a few minutes with:
May 6 14:54:34 localhost snort: FATAL ERROR: OpenLogFile() => fopen(/var/log/snort/10.10.1.30/UDP:138-138) log file: Not a directory

But I KNOW that the snort user has full permission to /var/log/snort. But I don't need logging to disk. It's a waste. I only want it to log to mysql.

(I've got snort to stop crashing by using -b. Now, to figure out how to
prevent it from logging to disk - please help!)

Thanks for your help!
- nick white




Snort-sigs mailing list
Snort-sigs@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/snort-sigs

Received on Wed May 7 15:09:15 2003

This archive was generated by hypermail 2.1.8 : Wed Aug 23 2006 - 14:08:27 EDT

