Snort mailing list archives

Re: Output Plugin - log_ascii

From: Frank Knobbe <fknobbe () knobbeits com>
Date: 03 Dec 2002 11:55:03 -0600

On Tue, 2002-12-03 at 10:49, L. Christopher Luther wrote:

In previous posts regarding logging output, it was noted by some that
Snort apparently has an undocumented output plugin called
"log_ascii", which is the default logging facility if none other is
specified.  And supposedly one can add the option "output log_ascii"
to the snort.conf file to re-enable the ASCII logging facility along
side other logging facilities (e.g., output database: log, ...).  

However, when I specify this plugin in my snort.conf file, both Snort
1.8.6 and 1.8.7 return the following warning when started:  

    *WARNING*: unknown output plugin "log_ascii", ignoring!

Is this output plugin something new to Snort 1.9.x or something else?



Christopher,

I'm not aware of a 'log_ascii' plugin in Snort 1.8.x. I get all the app
layer info in ascii format by using 'alert_full' and specifying the
'Dump Application Layer' option in the command line (I think it is -d).

Hope this helps,
Frank

Attachment: signature.asc
Description: This is a digitally signed message part

Current thread:

Output Plugin - log_ascii L. Christopher Luther (Dec 03)
- Re: Output Plugin - log_ascii Frank Knobbe (Dec 03)
- <Possible follow-ups>
- RE: Output Plugin - log_ascii Hicks, John (Dec 03)