Snort mailing list archives

output to directory


From: Thomas Linden <tom () daemon de>
Date: Sun, 27 May 2001 00:08:16 +0200 (CEST)

Hello,

I use the following config:
snort chroots to /var/log/snort.d
and logs to dir /  (thus to /var/log/snort.d), which works as expected.

I use the tcpdump log feature:

output log_tcpdump: packet.dump.log

snort does now create many dump logs:
/var/log/snort.d/0525@0133-packet.dump.log
/var/log/snort.d/0525@0140-packet.dump.log
/var/log/snort.d/0525@0143-packet.dump.log
/var/log/snort.d/0525@0149-packet.dump.log
/var/log/snort.d/0526@0300-packet.dump.log

But I prefer to have the dumps in another subdirectory, so I changed my
output config to this:

output log_tcpdump: packets/packet.dump.log

If I start snort with this config, it complains:

snort: log_tcpdump TcpdumpInitLogFile(): No such file or directory

So, here's my question: How can I specify a directory for tcpdump logs
_different_ than the "snort-wide" log-directory (as specified with -l)?



kind regards, Tom



-- 
=> PGP key:  http://daemon.de/key.txt 
=> "Experience is what you got  when
=>  you did not get what you wanted."

