Snort mailing list archives
Alert file question
From: "Jason Fischer" <JFischer () kaytee com>
Date: Wed, 23 Jun 2004 09:13:47 -0500
I'm using snort 2.1 on a Suse 9.1 system. Everything works great, except for a problem with the alert file. I'm using '-A fast' as my alert option. Every morning at 4:15 am the alert file archives itself into a .gz file. The new alert file that gets created never goes about 20 bytes. This empty file will then get archived into another .gz file and the process starts again. My question is: Why does this new alert file remain empty? Also, if I could set it up so the alert file doesn't archive itself every morning, that would great as well. I didn't see anything in snort.conf that would allow for this. Thanks! Jason Confidentiality Notice: This e-mail contains information that is privileged and confidential and subject to legal restrictions and penalties regarding its unauthorized disclosure or other use. You are prohibited from copying, distributing or otherwise using this information if you are not the intended recipient. If you have received this e-mail in error, please notify us immediately by return e-mail and delete this e-mail and all attachments from your system. Thank you! Kaytee Products, Inc. 521 Clay Street Chilton, WI 53014 (920)849-2321 ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Current thread:
- Alert file question Jason Fischer (Jun 23)
- Re: Alert file question sekure (Jun 23)
- <Possible follow-ups>
- Re: Alert file question Jason Fischer (Jun 24)