Snort mailing list archives
RE: I need some serious help
From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 11 Jun 2002 11:42:06 -0700 (PDT)
On Tue, 11 Jun 2002, Don wrote:
> that's the problem, snort is setup for tcpdump, i cannot replay the dump files, it gives an error, reading the files in an editor reveals there are a number of codered scans, and apparently something in the code prevents the playback, using the command line
>
>     snort -dr snort.log -c c:\extract\snort.conf -l c:\extract\log
>
> snort is restarted daily, creating 0606 () 14-snort log, 0607 () 14-snort log, and so on, i copy the logs to/from a remote system and play them back to get the alerts and log structure for parsing and investigation, these particular files from just this system, when i go to rename them to snort.log for the extraction process, it says in use, cannot be renamed, and the file then self-deletes. weird i say.

Well... From reading between the lines and guessing: You're on a Win32 system--I'm sorry. If you're snorting on a *NIX box and bringing the capture files over, be sure you use the right transfer mode.

Other things that aren't even guessable:

What error? You say you have an error, but _what_ is it?

File in use? Did you _stop_ snort from running? If not, it's still got the file descriptor open, and you can't really do too much with that on a Win32 system.

How are you running snort?

What version of Snort? 1.8.6 is latest release, 1.8.7beta6 is the current beta.

What's in your snort.conf?

Have you tried just running it as 'snort -vader <filename>' just to make sure the data is valid? If that works, then your problem is in your config file.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
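
Added example (not part of the original message, and not Snort code): a pre-replay check that walks a classic libpcap file record by record and reports the first framing error, which is the quickest way to tell a capture damaged in transit from a snort.conf problem. It assumes "transfer mode" above means a binary versus text-mode copy, where a text-mode copy from *NIX to Win32 rewrites LF as CRLF; check_pcap, build_sample and the sample bytes are constructed for illustration.

```python
import struct

# First four bytes of a classic libpcap file -> struct byte-order prefix.
MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def check_pcap(data):
    """Walk every record of a classic libpcap capture; report the first framing error."""
    def result(valid, packets, reason):
        return {"valid": valid, "packets": packets, "reason": reason}
    if len(data) < 24 or data[:4] not in MAGICS:
        return result(False, 0, "bad magic or short global header")
    order = MAGICS[data[:4]]
    # snaplen lives at bytes 16..19 of the global header; 0 means unset, so use a generous cap.
    snaplen = struct.unpack(order + "I", data[16:20])[0] or 262144
    offset, packets = 24, 0
    while offset < len(data):
        if offset + 16 > len(data):
            return result(False, packets, "truncated record header at offset %d" % offset)
        _sec, _usec, incl_len, orig_len = struct.unpack(order + "4I", data[offset:offset + 16])
        # Once bytes have been inserted or dropped, the length fields are read
        # from the wrong position and stop making sense.
        if incl_len > snaplen or incl_len > orig_len:
            return result(False, packets, "implausible record length at offset %d" % offset)
        if offset + 16 + incl_len > len(data):
            return result(False, packets, "truncated packet data at offset %d" % offset)
        offset += 16 + incl_len
        packets += 1
    return result(True, packets, "ok")

def build_sample():
    """Constructed two-packet capture (little-endian, snaplen 65535, linktype 1)."""
    payload = b"GET / HTTP/1.0\n\n"  # constructed bytes, not a real frame
    header = struct.pack("<4sHHiIII", b"\xd4\xc3\xb2\xa1", 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<4I", 1, 0, len(payload), len(payload)) + payload
    return header + record + record

if __name__ == "__main__":
    clean = build_sample()
    # What a text-mode copy from *NIX to Win32 does to the file: LF becomes CRLF.
    damaged = clean.replace(b"\n", b"\r\n")
    for name, blob in (("clean", clean), ("text-mode copy", damaged)):
        print(name, check_pcap(blob))
```

If the check fails partway through the file, re-copy the capture in binary mode before looking at the config.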