Re: Re: Log file problem

["Rob Whelan" <alt_rob () hotmail com>]

I would think
output alert_full: /var/log/snort/snort.alert
in snort.conf would do the trick. Or use -l /var/log/snort.alert in the 
command line.

cheers

> From: Ush <ush () nikel org uk>
> To: snort-users () lists sourceforge net
> Subject: [Snort-users] Re: Log file problem
> Date: Sun, 5 Aug 2001 13:01:07 +0100
>
> On Sun, Aug 05, 2001 at 03:50:31AM -0400, Dave Cinege wrote:
>
> > Same problem, and i just happened to fix an hour ago. Take a look
> > at the csv module which let's you spec what items to send to a file.
> >
>
> Tried that already, but it breaks snortsnarf and such things.
>
> All I want to do is one simple thing, log the output which is normally sent
> to syslog to a seperate file, instead of syslog. I don't want the format to
> change, or for it to be shorter (fast) etc.
>
> Just like my old 1.5 used to send everything to /var/log/snort.alert
>
> Surely this is still possible, but how ?
>
> --
> Ush
>
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> http://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users


_________________________________________________________________
Get your FREE download of MSN Explorer at http://explorer.msn.com/intl.asp


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users