Snort mailing list archives
tcpdump format
From: Micha Silver <Micha () arava co il>
Date: Sun, 14 Apr 2002 15:25:21 +0200
I'm running version 1.8.4 on our linux box, and I have:

    output alert_fast: alerts
    output log_tcpdump: snort.log

in the /etc/snort.conf file. This all seems to be working, putting the alerts and logs into /var/log/snort as I expect, except that a new tcpdump file is created each time I start snort with a new "time-stamped" name. For example I'll get a new 0414 () 15-snort log.

Can this be avoided? I'd rather continue using the same file (the way the 'alerts' file works).

Anyone?

TIA
Micha Silver
Arava Development Co
micha () arava co il
tel: (972) 8-6592270
cellular: (972) 53-665918

"What good are computers? They can only give you answers." ~ Pablo Picasso
Current thread:
- tcpdump format Micha Silver (Apr 14)
- Re: tcpdump format Erek Adams (Apr 14)