Snort mailing list archives
output to directory
From: Thomas Linden <tom () daemon de>
Date: Sun, 27 May 2001 00:08:16 +0200 (CEST)
Hello,

I use the following config: snort chroots to /var/log/snort.d and logs to dir / (thus to /var/log/snort.d), which works as expected. I use the tcpdump log feature:

    output log_tcpdump: packet.dump.log

snort does now create many dump logs:

    /var/log/snort.d/0525@0133-packet.dump.log
    /var/log/snort.d/0525@0140-packet.dump.log
    /var/log/snort.d/0525@0143-packet.dump.log
    /var/log/snort.d/0525@0149-packet.dump.log
    /var/log/snort.d/0526@0300-packet.dump.log

But I prefer to have the dumps in another subdirectory, so I changed my output config to this:

    output log_tcpdump: packets/packet.dump.log

If I start snort with this config, it complains:

    snort: log_tcpdump TcpdumpInitLogFile(): No such file or directory

So, here's my question: How can I specify a directory for tcpdump logs _different_ than the "snort-wide" log directory (as specified with -l)?

kind regards, Tom

--
=> PGP key: http://daemon.de/key.txt
=> "Experience is what you got when
=> you did not get what you wanted."