[Snort-users] Problems with Snort 2.0rc4

From: Anderson Johnston <andy(at)umbc.edu>
Date: Wed Apr 09 2003 - 18:25:48 EDT

Before I bother the developers with my whining, I wanted to make sure that I'm not missing something:

1.) I can't turn the logging option off. Neither the -N argument in the command line nor the "config nolog" in the configuration file seem to stop directories named after IPs from being created in the logging directory. All I want is the alert file.

Specifically, I want

        output alert_fast: /usr/home/analyst/alert/alert

---

2.) If I don't specify a logging directory in the command line (-l option), snort tries to use the default logging directory (which doesn't exist) even though I've specified no logging.

---

I'm planning to look at unified logging next, but I want to get this stuff sorted out for backward compatibility with my existing system.

					Thanks,
					- Andy Johnston
------------------------------------------------------------------------------

** Andy Johnston (andy@umbc.edu)          *            pager: 410-678-8949  **

** Manager of IT Security                 * PGP key:(afj2002) 4096/8448B056 **

** Office of Information Technology, UMBC *   4A B4 96 64 D9 B6 EF E3 21 9A **


** 410-455-2583 (v)/410-455-1065 (f)      *   46 1A 37 11 F5 6C 84 48 B0 56 **


------------------------------------------------------------------------------



-------------------------------------------------------

This SF.net email is sponsored by: Etnus, makers of TotalView, The debugger for complex code. Debugging C/C++ programs can leave you feeling lost and disoriented. TotalView can help you find your way. Available on major UNIX and Linux platforms. Try it free. www.etnus.com

---

Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users Received on Wed Apr 9 18:52:47 2003