Snort mailing list archives

Re: Question on /var/log/snort directory


From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 29 Apr 2003 17:53:18 -0400

Those files will contain ASCII packet dumps of packets that triggered alerts. You can make snort use the much faster tcpdump binary format for these dumps by enabling "log tcpdump" in your snort.conf.

At 04:46 PM 4/29/2003 -0400, stormshadow wrote:
I was hoping someone could explain some things to me about this
directory.

I have 4 subdirectories (named after the 4 computers' IPs in my LAN) in
the /var/log/snort directory. Within each directory is something
similar to this stuff:

TCP:1202-139
TCP:1239-80

The list goes on and on for each IP. Any ideas?
Thanks



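The per-host layout discussed in this thread (one directory per IP, one ASCII dump file per name such as TCP:1202-139) can be inventoried with a short script. This is an added example, not code from the thread or from the Snort project; it assumes names of the form PROTO:port-port as quoted in the question, makes no claim about which port belongs to which side, and uses a constructed host IP for its sample tree.

```python
import os
import re
import sys
import tempfile
from collections import Counter
# Layout as described in the thread: <logdir>/<host IP>/<PROTO>:<port>-<port>
NAME_RE = re.compile(r"^([A-Z]+):(\d{1,5})-(\d{1,5})$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")

def parse_dump_name(name):
    """Return (proto, port, port) for a name like 'TCP:1202-139', else None."""
    m = NAME_RE.match(name)
    if not m:
        return None
    a, b = int(m.group(2)), int(m.group(3))
    return (m.group(1), a, b) if a <= 65535 and b <= 65535 else None

def inventory(logdir):
    """Per-host summary of ASCII dump files found under logdir."""
    report = {}
    for entry in sorted(os.listdir(logdir)):
        path = os.path.join(logdir, entry)
        if not (IPV4_RE.match(entry) and os.path.isdir(path)):
            continue  # not a per-host directory (e.g. a top-level alert file)
        host = {"dumps": [], "bytes": 0, "protos": Counter(), "other": []}
        for name in sorted(os.listdir(path)):
            parsed = parse_dump_name(name)
            if parsed is None:
                host["other"].append(name)  # unexpected name, keep for review
                continue
            host["dumps"].append(parsed)
            host["bytes"] += os.path.getsize(os.path.join(path, name))
            host["protos"][parsed[0]] += 1
        report[entry] = host
    return report

def build_sample(root):
    """Constructed sample tree; the two file names are those quoted in the thread."""
    os.makedirs(os.path.join(root, "192.168.1.10"))  # constructed host IP
    for name in ("TCP:1202-139", "TCP:1239-80"):
        with open(os.path.join(root, "192.168.1.10", name), "w") as f:
            f.write("constructed placeholder, not a real packet dump\n")
    open(os.path.join(root, "alert"), "w").close()  # top-level file, skipped
    return root

if __name__ == "__main__":
    # With no argument, run against the constructed sample tree.
    root = sys.argv[1] if len(sys.argv) > 1 else build_sample(tempfile.mkdtemp())
    for ip, h in inventory(root).items():
        print(ip, len(h["dumps"]), "dumps", h["bytes"], "bytes", dict(h["protos"]))
```

Run it with the log directory as its argument (for example /var/log/snort) to see how many dump files and bytes each host directory has accumulated.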

