Snort mailing list archives
Re: Question on /var/log/snort directory
From: Matt Kettler <mkettler () evi-inc com>
Date: Tue, 29 Apr 2003 17:53:18 -0400
Those files will contain ASCII packet dumps of packets that triggered alerts. You can make snort use the much faster tcpdump binary format for these dumps by enabling "log tcpdump" in your snort.conf.
At 04:46 PM 4/29/2003 -0400, stormshadow wrote:
I was hoping someone could explain some things to me about this directory. I have 4 subdirectories (named after the 4 computers' IPs in my LAN) in the /var/log/snort directory. Within each directory is something similar to this stuff:

TCP:1202-139
TCP:1239-80

The list goes on and on for each IP. Any ideas? Thanks
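An added example (not part of the original thread, and not Snort's own code) that inventories a log directory laid out as the question describes: one subdirectory per IP, holding files named like TCP:1202-139. It assumes the two numbers in each name are the session's port numbers; the sample tree, its addresses and the function names are constructed for illustration.

```python
import os
import re
import tempfile
from collections import Counter

# File names as shown in the question, e.g. "TCP:1202-139".
# Assumption: the two numbers are the two port numbers of the session.
SESSION_RE = re.compile(r"^(TCP|UDP):(\d+)-(\d+)$")
IPV4_RE = re.compile(r"^\d{1,3}(\.\d{1,3}){3}$")


def summarize_log_dir(log_dir):
    """Return {host_ip: Counter({(proto, low_port): n})} for ASCII dump files."""
    summary = {}
    for host in sorted(os.listdir(log_dir)):
        host_path = os.path.join(log_dir, host)
        if not (IPV4_RE.match(host) and os.path.isdir(host_path)):
            continue  # only IP-named directories hold per-host dumps
        counts = Counter()
        for name in os.listdir(host_path):
            m = SESSION_RE.match(name)
            if not m:
                continue  # skip anything that is not a session dump
            proto, a, b = m.group(1), int(m.group(2)), int(m.group(3))
            # Heuristic: the lower port is usually the service side (139, 80).
            counts[(proto, min(a, b))] += 1
        summary[host] = counts
    return summary


def build_sample_tree():
    """Create a constructed directory tree mirroring the layout in the question."""
    root = tempfile.mkdtemp(prefix="snortlog-")
    layout = {
        "192.168.1.10": ["TCP:1202-139", "TCP:1239-80", "TCP:1240-80"],
        "192.168.1.11": ["TCP:1310-139", "notes.txt"],
    }
    for host, files in layout.items():
        os.makedirs(os.path.join(root, host))
        for name in files:
            open(os.path.join(root, host, name), "w").close()
    # A plain file next to the host directories is skipped by the scan.
    open(os.path.join(root, "alert"), "w").close()
    return root


if __name__ == "__main__":
    for host, counts in summarize_log_dir(build_sample_tree()).items():
        print(host, dict(counts))
```

Pointing `summarize_log_dir` at a real log directory shows at a glance which hosts and services account for most of the per-session dump files.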