Re: Syntax question

[Papa Mike <online_puppy () yahoo ca>]

 --- Dustin Decker <dustind () moon-lite com> wrote: >
Hello all,
> I'm new to the list, and using Snort 1.9.0 (Build
> 209). 
>
> I'm logging to a binary file in
> /var/log/snort_dumps, and later replaying
> them into my DB by hand using -r flag.  I'm getting
> ready to make this
> somewhat automated, and have hit a minor snag.  I
> use the -L flag with
> snort to indicate I wish the binary file be named
> based on the cheezy
> variable you see displayed below:
>
> [snippet from my shell script]
> STAMP=`/bin/date +%m%d%y-%H`
>
> /usr/sbin/snort -b -L /var/log/snort_dumps/$STAMP -i
> eth0 -c \
>       /etc/snort/snort.conf
>
> This is suiting my purposes quite well, with one
> exception.  I get file 
> names such as this:   010403-09.1041693435
>
> Any recommendations on getting rid of the additional
> ".1041693435" portion 
> of the file name?

Funny.  I'm running 1.8.6 and my default tracefile
naming convention is "snort-MMdd () hhmm log".  That's
without using the '-L' switch.  When you do, you
should just specify the filename, not the path.  Give
the path with the '-l' switch.

______________________________________________________________________ 
Post your free ad now! http://personals.yahoo.ca


-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users