snort-users May 2009 archive
Main Archive Page > Month Archives  > snort-users archives
snort-users: [Snort-users] Snort insists on writing to .\log\ale

[Snort-users] Snort insists on writing to .\log\alert.ids

From: Mark Senior <senatorfrog_at_nospam>
Date: Thu May 21 2009 - 17:58:57 GMT

Hello group

I've got Snort running successfully on Windows, logging to MS-SQL. The problem is that it insists on writing to .\log\alert.ids - no matter what the configuration file says, as near as I can make out.

If I remove or rename the Snort\log directory, or start with a current directory other than the root of Snort's installation, I get the error:

ERROR: OpenAlertFile() => fopen() alert file log/alert.ids: No such file or directory

There is no output directive in the configuration file that would point Snort to write to a file. I want to avoid filling up the sensor's disk - that's part of why I'm sending alerts to a database server in the first place. My only output directive is:

output database: alert, mssql, dbname=snort \ user=(username) password=(password) \
host=(database server) \
sensorname=(sensor) \

I haven't tried installing Snort as a service yet. It's looking for a log file relative to the current working directory, which hardly seems a healthy behaviour for a service...

Thanks very much

Register Now for Creativity and Technology (CaT), June 3rd, NYC. CaT is a gathering of tech-side developers & brand creativity professionals. Meet the minds behind Google Creative Lab, Visual Complexity, Processing, & iPhoneDevCamp asthey present alongside digital heavyweights like Barbarian Group, R/GA, & Big Spaceship.

Snort-users mailing list
Go to this URL to change user options or unsubscribe: Snort-users list archive: