Snort mailing list archives
Re: Snort read file to generate u2 logs.
From: Paul Li <paul () scybersecurity com>
Date: Tue, 21 Feb 2017 23:05:13 -0500
(Sorry, the previous email was broken.)

Al, do you indicate that Snort should generate .u2 files when it reads from a file?

Thanks,
Paul

On Tue, Feb 21, 2017 at 11:04 PM, Paul Li <paul () scybersecurity com> wrote:

> Yes, Al, there's a .log file generated in the directory /var/log/snort. Also, the same user can generate a .u2 log when Snort reads directly from the network interface. So do you indicate that
>
> On Tue, Feb 21, 2017 at 10:57 PM, Al Lewis (allewi) <allewi () cisco com> wrote:
>
>> Have you checked if the snort user has permissions to write to the output directory? Are the logs created when you run snort as root?
>>
>> *Albert Lewis*
>> ENGINEER.SOFTWARE ENGINEERING
>> SOURCE*fire*, Inc. now part of *Cisco*
>> Email: allewi () cisco com
>>
>> From: Paul Li <paul () scybersecurity com>
>> Date: Tuesday, February 21, 2017 at 10:17 PM
>> To: 'snort-users' <snort-users () lists sourceforge net>
>> Subject: [Snort-users] Snort read file to generate u2 logs.
>>
>> I'm using Snort to read a file to generate alerts with the following command:
>>
>>     sudo snort -q -u snort-user -g snort-group -c /etc/snort/snort.conf -r file-name
>>
>> Snort can generate alerts but doesn't create u2 log files, nor other output (e.g., csv), although the same snort.conf file will generate both alerts and .u2 files.
>>
>> Wondering if there's a way Snort can generate specified format logs when reading a file.
>>
>> Thanks,
>> Paul
Current thread:
- Snort read file to generate u2 logs. Paul Li (Feb 21)
- Re: Snort read file to generate u2 logs. Al Lewis (allewi) (Feb 21)
- Re: Snort read file to generate u2 logs. Paul Li (Feb 21)
- Re: Snort read file to generate u2 logs. Paul Li (Feb 21)
- Re: Snort read file to generate u2 logs. Paul Li (Feb 21)
- Re: Snort read file to generate u2 logs. Al Lewis (allewi) (Feb 22)
- Re: Snort read file to generate u2 logs. Al Lewis (allewi) (Feb 21)