Snort mailing list archives
FW: Re: alert_full won't create subdirectories for ip addresses when mysql logging is enabled
From: "Frank Knobbe" <fknobbe () knobbeits com>
Date: Wed, 4 Dec 2002 11:37:35 -0600
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
-----Original Message-----
From: Hicks, John [mailto:JHicks () JUSTICE GC CA]
Sent: Wednesday, December 04, 2002 10:54 AM

Frank,

Out of curiosity, did you use it with 1.8??? I tried on an old copy and got "*WARNING*: unknown output plugin "log_ascii", ignoring!". However, on my 1.9 node, it works great (I *love* having nicely organized packet files for analysis). Definitely a needed feature, imho.
John,

under Snort 1.8.7, I'm using the 'output alert_full: alert.ids' in the snort.conf file and start Snort with the '-d' switch. That will dump the application layer (packet data) in ASCII into subdirectories. The alert.ids file contains the summary, and if I want details, I just open the detailed text file in the subdirectory (I actually have a script that emails me all those on demand).

The 'output log_ascii' does not exist under 1.8.x. I'm not sure how much different that is from the '-d' switch, but I can't imagine what additional data it would log since you get the full packet in ASCII with '-d'.

Regards,
Frank

-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.

iQA/AwUBPe49X8zYtOFvgXQfEQLgfgCeNXfoa/9V2eRY/+Pe3duJvOg9kw8AoNG3
Qcb+xOh4/cI+RMg4+Pdgh/fu
=f3aP
-----END PGP SIGNATURE-----
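Frank mentions a script that mails him the per-IP packet-dump files on demand. The shell script below is an added example written for this archive page; it is not Frank's script and not part of Snort. It assumes the layout Snort 1.x produces when started with '-d' and a log directory given by '-l' (the '-l' flag and the exact file names are assumptions for illustration): a summary file alert.ids at the top of the log directory, one subdirectory per source IP, and inside each a decoded packet dump per session, e.g. TCP:1234-80 or ICMP_ECHO. The first function builds a single plain-text digest from every dump file in IP-named subdirectories and returns the file count; the second hands that digest to mail(1). Note that with '-d' the dumps carry application-layer payload, so the mail path should be one you trust.

```shell
#!/bin/sh
# Added example (not Frank's script, not part of Snort): gather the per-IP
# packet-dump files that Snort 1.x writes under its log directory when run
# with -d and 'output alert_full: alert.ids', and build one plain-text
# digest that can be mailed on demand.
#
# Assumed layout (Snort 1.x ASCII logging, started as
#   snort -c snort.conf -d -l <logdir>        -- '-l' is an assumption here):
#   <logdir>/alert.ids                         summary written by alert_full
#   <logdir>/<src-ip>/<PROTO>:<sport>-<dport>  decoded packet dumps
# The directory and file names are assumptions for illustration.

set -u

# collect_snort_dumps LOGDIR OUTFILE
# Writes a digest of every packet-dump file found in IP-named
# subdirectories of LOGDIR to OUTFILE and prints the number of dump
# files included.
collect_snort_dumps() {
    logdir=$1
    outfile=$2
    count=0
    : > "$outfile"
    for dir in "$logdir"/*; do
        [ -d "$dir" ] || continue
        # Only descend into directories whose name is a dotted quad;
        # anything with other characters is not a per-IP directory.
        case $(basename "$dir") in
            *[!0-9.]*) continue ;;
        esac
        for f in "$dir"/*; do
            [ -f "$f" ] || continue
            printf '===== %s/%s =====\n' "$(basename "$dir")" "$(basename "$f")" >> "$outfile"
            cat "$f" >> "$outfile"
            printf '\n' >> "$outfile"
            count=$((count + 1))
        done
    done
    echo "$count"
}

# mail_snort_dumps LOGDIR RECIPIENT
# Builds the digest in a temporary file and hands it to mail(1).
# The dumps contain application-layer payload, so send them only over a
# channel you trust.
mail_snort_dumps() {
    logdir=$1
    rcpt=$2
    tmp=$(mktemp)
    n=$(collect_snort_dumps "$logdir" "$tmp")
    mail -s "Snort packet dumps: $n files" "$rcpt" < "$tmp"
    rm -f "$tmp"
}
```

Typical use would be `mail_snort_dumps /var/log/snort analyst@example.com` from a cron job or by hand; the digest keeps the IP/session filename above each dump so it can be matched against the corresponding line in alert.ids.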
Current thread:
- alert_full won't create subdirectories for ip addresses when mysql logging is enabled Peter Schobel (Nov 29)
- Re: alert_full won't create subdirectories for ip addresses when mysql logging is enabled Andrew R. Baker (Nov 29)
- ACID SQL error Faber Fedor (Nov 29)
- <Possible follow-ups>
- RE: alert_full won't create subdirectories for ip addresses when mysql logging is enabled L. Christopher Luther (Dec 02)
- Re: alert_full won't create subdirectories for ip addresses when mysql logging is enabled Andrew R. Baker (Dec 02)
- FW: Re: alert_full won't create subdirectories for ip addresses when mysql logging is enabled Frank Knobbe (Dec 04)