CSV output problem with snort 1.8.6+suse7.3

[chris - eEurope <info () eeurope de>]

NOCMT
Dear snort fans,
after having looked in the web for similar problems – without any result
-
I may ask you now: why do I get a file (/tmp/file) with size 0 after
starting and ending snort?

snort [-d] -c snortrc

with ruleset (snortrc):
output CSV: /tmp/file default
log any any <> www.xxx.yyy.zzz nn

# www.xxx.yyy.zzz=ip nr and nn=port nr

if I comment out the line beginning with output SCV... there is no file
(/tmp/file) created. But in both cases there will be a standard log file
showing catched packets. I already played around with different option
settings and rulesets but did never get CSV output. (compilation of snort
without any problem). May be is this mystery related to a wrong libpcap
etc. version?

I would be lucky to get a hint
Thanks from Chris/Heidelberg


-------------------------------------------------------
This sf.net email is sponsored by: Jabber - The world's fastest growing
real-time communications platform! Don't just IM. Build it in!
http://www.jabber.com/osdn/xim
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users