Snort mailing list archives
Re: Syntax question
From: Martin Roesch <roesch () sourcefire com>
Date: Mon, 06 Jan 2003 11:05:27 -0500
The naming scheme uses a filename.timestamp mechanism to ensure that every new file has a unique filename (so you don't stomp old log files by accident). If you want to get rid of the timestamp suffix on the filename, just edit it out on lines 257 and 260 of spo_log_tcpdump.c.

-Marty

On 1/5/03 11:07 PM, "Papa Mike" <online_puppy () yahoo ca> wrote:
> --- Dustin Decker <dustind () moon-lite com> wrote:
> > Hello all,
> >
> > I'm new to the list, and using Snort 1.9.0 (Build 209). I'm logging to a binary file in /var/log/snort_dumps, and later replaying them into my DB by hand using the -r flag. I'm getting ready to make this somewhat automated, and have hit a minor snag. I use the -L flag with snort to indicate I wish the binary file be named based on the cheezy variable you see displayed below:
> >
> > [snippet from my shell script]
> > STAMP=`/bin/date +%m%d%y-%H`
> > /usr/sbin/snort -b -L /var/log/snort_dumps/$STAMP -i eth0 -c \
> >     /etc/snort/snort.conf
> >
> > This is suiting my purposes quite well, with one exception. I get file names such as this:
> > 010403-09.1041693435
> >
> > Any recommendations on getting rid of the additional ".1041693435" portion of the file name?
>
> Funny. I'm running 1.8.6 and my default tracefile naming convention is "snort-MMdd@hhmm.log". That's without using the '-L' switch. When you do, you should just specify the filename, not the path. Give the path with the '-l' switch.
>
> ______________________________________________________________________
> Post your free ad now! http://personals.yahoo.ca
>
> -------------------------------------------------------
> This sf.net email is sponsored by:ThinkGeek
> Welcome to geek heaven.
> http://thinkgeek.com/sf
> _______________________________________________
> Snort-users mailing list
> Snort-users () lists sourceforge net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
--
Martin Roesch - Founder/CTO, Sourcefire Inc. - (410)290-1616
Sourcefire: Professional Snort Sensor and Management Console appliances
roesch () sourcefire com - http://www.sourcefire.com
Snort: Open Source Network IDS - http://www.snort.org
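An added example, not part of the original messages and not Snort code: a way to automate the replay described in the thread without patching spo_log_tcpdump.c, by selecting dump files by their -L prefix and stripping the epoch suffix only when that cannot overwrite an older file. The function names are hypothetical, and the file layout assumed is the NAME.<epoch> form shown in the thread.

```shell
#!/bin/sh
# Added example (assumption: dumps are named <prefix>.<epoch>, as in
# the thread's 010403-09.1041693435). Function names are hypothetical.

# is_dump_name FILE: true if the basename ends in ".<digits>"
is_dump_name() {
    case "$(basename "$1")" in
        *.*) ;;                      # basename must contain a dot
        *) return 1 ;;
    esac
    suffix=${1##*.}
    case "$suffix" in
        ''|*[!0-9]*) return 1 ;;     # empty or non-numeric suffix
    esac
    return 0
}

# list_dumps DIR PREFIX: print matching dump files, oldest suffix first
list_dumps() {
    for f in "$1"/"$2".*; do
        [ -f "$f" ] || continue      # also skips an unmatched glob
        is_dump_name "$f" || continue
        printf '%s %s\n' "${f##*.}" "$f"
    done | sort -n | cut -d' ' -f2-
}

# strip_suffix FILE: rename NAME.<epoch> to NAME, refusing to clobber an
# existing NAME (the accident the timestamp suffix exists to prevent)
strip_suffix() {
    is_dump_name "$1" || return 2
    target=${1%.*}
    if [ -e "$target" ]; then
        echo "refusing to overwrite $target" >&2
        return 1
    fi
    mv -- "$1" "$target" && printf '%s\n' "$target"
}

# Usage, with the paths and flags from the thread:
#   list_dumps /var/log/snort_dumps 010403-09 | while read -r f; do
#       /usr/sbin/snort -r "$f" -c /etc/snort/snort.conf
#   done
```

Pass the prefix of an hour that has already ended, so the file Snort is still writing is not replayed or renamed.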
Current thread:
- Syntax question Dustin Decker (Jan 04)
- Re: Syntax question Papa Mike (Jan 05)
- Re: Syntax question Martin Roesch (Jan 06)