Snort mailing list archives
Re: tcpdump format
From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 14 Apr 2002 18:27:55 -0700 (PDT)
On Sun, 14 Apr 2002, Micha Silver wrote:
> I'm running version 1.8.4 on our linux box, and I have:
>
> output alert_fast: alerts
> output log_tcpdump: snort.log
>
> in the /etc/snort.conf file. This all seems to be working, putting the alerts and logs into /var/log/snort as I expect, except that a new tcpdump file is created each time I start snort with a new "time-stamped" name. For example I'll get a new 0414@15-snort.log. Can this be avoided? I'd rather continue using the same file (the way the 'alerts' file works). Anyone?
Not with 1.8.4, IIRC. Upgrade to 1.8.6 and use the undocumented -L <file_name> option.

** WARNING ** Using undocumented features can be bad, as they can change from one release to another. :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net