Snort mailing list archives

snort packet logging


From: Vincent Chen <vctw () yahoo com>
Date: Sat, 2 Feb 2002 21:42:26 -0800 (PST)


Dear all,

I have been running snort for weeks. Until yesterday,
I disabled packet logging using the command line switch
'-N'. Now I am trying to enable packet logging by
running snort with the command line as follows:

snort -D -i tun0 -b -u operator -g operator -t /export/snort -c /conf/snort.conf -l /log -L packet

The packets are supposed to be logged into the
/export/snort/log/packet file. After running for several
hours, I only got 3 alerts, but the file 'packet' grew
to several megabytes. I tried to read this file using the
command:

snort -v -d -r packet

But I got nothing but this:

TCPDUMP file reading mode.
Reading network traffic from "packet" file.
snaplen = 1514

        --== Initializing Snort ==--

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.3 (Build 88)
By Martin Roesch (roesch () sourcefire com,
www.snort.org)
pcap_loop: bogus savefile header

===============================================================================

Snort processed 0 packets.
.
.
.
Snort received signal 3, exiting


Am I doing anything wrong here?


Thanks for your help,

Vincent Chen
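
An added example, not part of the original post: a small Python check that walks a classic pcap savefile's global header and per-record headers and reports the first offset where the file stops being well-formed, which is where to look when a reader rejects a capture as in the output above. The function names, the 65535-byte sanity bound and the sample bytes are assumptions constructed for illustration.

```python
import struct

# Classic pcap magic as stored on disk, mapped to the struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}
MAX_CAPLEN = 65535  # assumed sanity bound on a record's captured length


def check_savefile(data):
    """Walk a classic pcap savefile; return (records_ok, problem_or_None)."""
    if len(data) < 24:
        return 0, "shorter than the 24-byte global header"
    order = MAGICS.get(data[:4])
    if order is None:
        return 0, "unrecognised magic " + data[:4].hex()
    # Global header after the magic: version, timezone, sigfigs, snaplen, linktype.
    _maj, _min, _zone, _sig, snaplen, _link = struct.unpack(order + "HHiIII", data[4:24])
    offset, count = 24, 0
    while offset < len(data):
        if len(data) - offset < 16:
            return count, "truncated record header at offset %d" % offset
        # Record header: ts_sec, ts_usec, captured length, original length.
        _sec, _usec, caplen, _origlen = struct.unpack(order + "IIII", data[offset:offset + 16])
        if caplen > MAX_CAPLEN:
            return count, "implausible caplen %d at offset %d (snaplen %d)" % (caplen, offset, snaplen)
        if offset + 16 + caplen > len(data):
            return count, "truncated packet data at offset %d" % offset
        offset += 16 + caplen
        count += 1
    return count, None


def build_sample(damaged):
    """Constructed sample: one or two 20-byte records, optionally followed by junk."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 1514, 1)
    record = struct.pack("<IIII", 1012714946, 0, 20, 20) + bytes(20)
    if damaged:
        return header + record + b"constructed junk bytes, not pcap"
    return header + record + record


if __name__ == "__main__":
    for label, blob in (("clean", build_sample(False)), ("damaged", build_sample(True))):
        print(label, check_savefile(blob))
```

To check a real capture, pass the file's bytes, for example `check_savefile(open("packet", "rb").read())`.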



