Snort mailing list archives
alert_full AND log_tcpdump
From: Nerijus Krukauskas <nkrukauskas () lb lt>
Date: Thu, 11 Sep 2003 13:57:09 +0300
Is it possible to get SNORT to log packets in both alert_full (alert log file with packet files in directories per IP address) and log_tcpdump (binary tcpdump format) modes?
The Snort manual says: "When multiple plugins of the same type (log, alert) are specified, they are stacked and called in sequence when an event occurs." Am I reading it wrong, or am I doing something wrong in the snort.conf file?
In snort.conf I have specified:

    output alert_full: alert
    output log_tcpdump: tcpdump.log

But then snort logs alerts in the file "alert" and packets in "tcpdump.log". If I comment out tcpdump.log from snort.conf, then I get packets in per-IP directories. But I need them both... :(

My snort command line:

    snort -o -e -c snort.conf -X -d -y -D -i eth0

--
NK @ Vilnius
nk.tinkle.lt

P.S. Sorry if I haven't been clear enough. English is not my native language (as one can guess from my name)... :)