Snort mailing list archives

Re: tcpdump format


From: Erek Adams <erek () theadamsfamily net>
Date: Sun, 14 Apr 2002 18:27:55 -0700 (PDT)

On Sun, 14 Apr 2002, Micha Silver wrote:

I'm running version 1.8.4 on our linux box, and I have:

output alert_fast: alerts
output log_tcpdump: snort.log

in the /etc/snort.conf file. This all seems to be working, putting the
alerts and logs into /var/log/snort as I expect, except that a new tcpdump
file is created each time I start snort with a new "time-stamped" name. For
example I'll get a new 0414 () 15-snort log.

Can this be avoided? I'd rather continue using the same file (the way the
'alerts' file works).
Anyone?

Not with 1.8.4, IIRC.  Upgrade to 1.8.6 and use the undocumented -L
<file_name> option.

** WARNING ** Using undocumented features can be bad, as they can change from
one release to another.  :)

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net
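Since log_tcpdump writes a fresh time-stamped file per Snort start, a defender who wants one continuous capture can stitch the per-run files together after the fact. The following is an added example, not code from this thread or from Snort; it assumes the classic little-endian libpcap file layout (24-byte global header, 16-byte record headers) and uses constructed sample captures in place of real snort.log.* files.

```python
import struct

# Classic libpcap file format: 24-byte global header, then per-packet records.
PCAP_MAGIC = 0xA1B2C3D4
GLOBAL_HDR = struct.Struct("<IHHiIII")  # magic, ver_major, ver_minor, thiszone, sigfigs, snaplen, linktype
REC_HDR = struct.Struct("<IIII")        # ts_sec, ts_usec, incl_len, orig_len

def parse_pcap(data: bytes):
    """Parse one little-endian pcap blob; return (linktype, snaplen, records)."""
    if len(data) < GLOBAL_HDR.size:
        raise ValueError("truncated global header")
    magic, _maj, _min, _tz, _sf, snaplen, linktype = GLOBAL_HDR.unpack_from(data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError(f"unexpected magic {magic:#x}")
    records, off = [], GLOBAL_HDR.size
    while off < len(data):
        if off + REC_HDR.size > len(data):
            raise ValueError("truncated record header")
        ts_sec, ts_usec, incl, orig = REC_HDR.unpack_from(data, off)
        off += REC_HDR.size
        if incl > snaplen or off + incl > len(data):
            raise ValueError("record length exceeds snaplen or file")
        records.append((ts_sec, ts_usec, orig, data[off:off + incl]))
        off += incl
    return linktype, snaplen, records

def build_pcap(linktype: int, snaplen: int, records) -> bytes:
    """Serialise records back into a single pcap file image."""
    out = [GLOBAL_HDR.pack(PCAP_MAGIC, 2, 4, 0, 0, snaplen, linktype)]
    for ts_sec, ts_usec, orig, payload in records:
        out.append(REC_HDR.pack(ts_sec, ts_usec, len(payload), orig) + payload)
    return b"".join(out)

def merge_pcaps(blobs) -> bytes:
    """Merge several per-run captures into one file, ordered by timestamp.
    All inputs must share a linktype; the largest snaplen is kept."""
    parsed = [parse_pcap(b) for b in blobs]
    linktypes = {lt for lt, _, _ in parsed}
    if len(linktypes) != 1:
        raise ValueError(f"cannot merge captures with different linktypes: {sorted(linktypes)}")
    records = sorted((r for _, _, recs in parsed for r in recs), key=lambda r: (r[0], r[1]))
    return build_pcap(linktypes.pop(), max(sl for _, sl, _ in parsed), records)

# Constructed sample data standing in for two time-stamped snort.log files (not real captures).
RUN1 = build_pcap(1, 1514, [(1018740900, 0, 60, b"\x00" * 60), (1018740905, 500, 100, b"\x01" * 100)])
RUN2 = build_pcap(1, 1514, [(1018741100, 0, 42, b"\x02" * 42)])

if __name__ == "__main__":
    merged = merge_pcaps([RUN1, RUN2])
    print(len(parse_pcap(merged)[2]), "packets in merged file")
```

The merged output is a normal pcap that tcpdump or Snort's -r option can read back, so per-run files can be consolidated during review without losing the capture boundaries' timestamps.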


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users