Re: Log file problem

[Dave Cinege <dcinege () psychosis com>]

Ush wrote:
> Hello,
>
> I am running snort (v1.8), and wish to know how to make snort log everyting
> to one single text file. (in plain text).
>
> Ie, the output which would normally go to syslog with the -s option, I want
> to go to a file of another name.
>
> How do I do this.
>
> I have searched www.snort.org for a way of doing this, but I just can't seam
> to find an answer :-(
>
> My previous 1.5 install used to log everything to /var/log/snort.alert. I
> wish to continue to do this.
>
> In my /var/log/snort directory, some things are listed by sub directories of
> the IP address in question, and never go to /var/log/snort/alerts etc.
>
> How can I just make the whole damm lot go to one single file (like
> /var/log/snort.alert)
>
> Other than that, I have snort working just fine.
>
> Thanks in advance.

Same problem, and i just happened to fix an hour ago. Take a look
at the csv module which let's you spec what items to send to a file.

With some minor work I was able to get this to log packet data as well.

If you can C it's a simple framework to output anyway you want.

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
http://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users