Network Security: Detailed info on Re: [Snort-users] HOW DOES ONE STOP an alert file from being Produced?

Subject:	Re: [Snort-users] HOW DOES ONE STOP an alert file from being Produced?
Date:	Thu, 9 Mar 2006 15:37:15 -0500

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Actually, -A none is supposed to disable all alerting output plugins, logging plugins should still run.

Looking at the code, it appears that spo_database is setting itself properly in terms of notifying the system that an alerting plugin is running. I'll take a look and see if I can figure out why we're still getting an alert file. IIRC I've heard about this one from time to time, maybe its an old bug that never got properly squashed.

     -Marty

On Mar 9, 2006, at 3:28 AM, Dirk Geschke wrote:

Hi Marty,
To turn off alerting, use "-A none" at the command line.  To turn off
logging, you can use -N at the command line or add a "output
log_null" in the snort.conf file.
yes, but "-A none" will also disable all output plugins. This is sometimes not desired...

Raymond wanted the output plugins enabaled but no files in /var/log/ snort.
This is what the '-Y' opion of the FLoP patch does....
Best regards
Dirk
------------------------------------------------------- This SF.Net email is sponsored by xPML, a groundbreaking scripting language that extends applications into web and mobile media. Attend the live webcast and join the prime developer group breaking into this new coding territory! http://sel.as-us.falkag.net/sel? cmd=lnk&kid=110944&bid=241720&dat=121642 _______________________________________________ Snort-users mailing list Snort-users@lists.sourceforge.net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users


- --
Martin Roesch - Founder/CTO, Sourcefire Inc. - +1-410-290-1616
Sourcefire - Security for the Real World - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org


-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEEJH7qj0FAQQ3KOARApi0AJ97D+ONj2XuC97YMbT3SNJHVxpdJgCfXbXO
879T5xPYMxlBZgVFKrFhV/8=
=GrJo
-----END PGP SIGNATURE-----


-------------------------------------------------------
This SF.Net email is sponsored by xPML, a groundbreaking scripting language
that extends applications into web and mobile media. Attend the live webcast
and join the prime developer group breaking into this new coding territory!
http://sel.as-us.falkag.net/sel?cmd=lnk&kid=110944&bid=241720&dat=121642
_______________________________________________
Snort-users mailing list
Snort-users@lists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

<Prev in Thread]	Current Thread	[Next in Thread>
[Snort-users] HOW DOES ONE STOP an alert file from being Produced?, Jacob, Raymond A Jr Re: [Snort-users] HOW DOES ONE STOP an alert file from being Produced?, Martin Roesch Re: [Snort-users] HOW DOES ONE STOP an alert file from being Produced?, Dirk Geschke Re: [Snort-users] HOW DOES ONE STOP an alert file from being Produced?, Dirk Geschke Re: [Snort-users] HOW DOES ONE STOP an alert file from being Produced?, Martin Roesch <= RE: [Snort-users] HOW DOES ONE STOP an alert file from being Produced?, Jacob, Raymond A Jr Re: [Snort-users] HOW DOES ONE STOP an alert file from being Produced?, Dirk Geschke

Previous by Date:	[Snort-users] Solved Can snort send alerts to the mysql database without writing an output file?, Jacob, Raymond A Jr
Next by Date:	Re: [Snort-users] Solved Can snort send alerts to the mysql database without writing an output file?, Jason
Previous by Thread:	Re: [Snort-users] HOW DOES ONE STOP an alert file from being Produced?, Dirk Geschke
Next by Thread:	RE: [Snort-users] HOW DOES ONE STOP an alert file from being Produced?, Jacob, Raymond A Jr
Indexes:	[Date] [Thread] [Top] [All Lists]