Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Snort1.9 TCPdump output file format

From: Erek Adams <erek () theadamsfamily net>
Date: Tue, 8 Oct 2002 09:03:16 -0700 (PDT)
On Tue, 8 Oct 2002, Grime, Richard S wrote:


Just brought a snort 1.9 box up - the TCPDump file format is now coming out
as:

snort.log.xxxxxxxxxx

Instead of the (expected) format of:

<month><day>@<hour>-snort.log

Is there a way to change this back?

RH7.1 x86 / Snort 1.9.0 (209)


Yes, but you might not want to do that.

With the filesnames in the old format, you could overwrite logfiles within the
same hour.  With it using the Unix epoch date tagged on the back, you can't.

If you want to change it look at the "-L" option.  From the man page:

     -L binary-log-file
          Set the filename of the binary log file to  binary-log-
          file. If this switch is not used, the default name is a
          timestamp for the time that the file  is  created  plus
          "snort.log".

It's not listed in the -?, but it is there.

Cheers!

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net



-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: