Snort mailing list archives

alert_full AND log_tcpdump


From: Nerijus Krukauskas <nkrukauskas () lb lt>
Date: Thu, 11 Sep 2003 13:57:09 +0300


Is it possible to get SNORT to log packets in both alert_full (alert log file with packet files in directories per IP address) and log_tcpdump (binary tcpdump format) modes?

The Snort manual says: "When multiple plugins of the same type (log, alert) are specified, they are stacked and called in sequence when an event occurs." Am I reading it wrong, or am I doing something wrong in the snort.conf file?

  In snort.conf I have specified:
output alert_full: alert
output log_tcpdump: tcpdump.log

But then snort logs alerts in the file "alert" and packets in "tcpdump.log". If I comment out tcpdump.log from snort.conf, then I get packets in per-IP directories. But I need them both... :(

  My snort command line: snort -o -e -c snort.conf -X -d -y -D -i eth0

--
NK @ Vilnius
nk.tinkle.lt

P.S. Sorry if I haven't been clear enough. English is not my native language (as one can guess from my name)... :)
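An added helper, not from the post or from the Snort project, that reads the `output` directives of a snort.conf and groups them by plugin type, so you can see which plugins would actually be chained together. It assumes the Snort 2 naming convention in which `alert_*` plugins are alert-type and `log_*` plugins are log-type; the sample config is constructed from the two lines in the post.

```python
import re
from collections import defaultdict

# Matches an uncommented "output <plugin>[: <args>]" directive.
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*(?::\s*(.*))?$")


def plugin_type(plugin):
    """Assumption: the name prefix gives the plugin type (alert_* / log_*)."""
    prefix = plugin.split("_", 1)[0]
    return prefix if prefix in ("alert", "log") else "other"


def parse_outputs(conf_text):
    """Return {type: [(plugin, args), ...]} for every active 'output' line.

    Comment lines ('# output ...'), blank lines and other directives are skipped,
    so the result reflects only the plugins Snort would really load.
    """
    chains = defaultdict(list)
    for line in conf_text.splitlines():
        m = OUTPUT_RE.match(line)
        if not m:
            continue
        plugin, args = m.group(1), (m.group(2) or "").strip()
        chains[plugin_type(plugin)].append((plugin, args))
    return dict(chains)


def stacked_types(conf_text):
    """Types with more than one plugin configured, i.e. the ones that stack."""
    return sorted(k for k, v in parse_outputs(conf_text).items() if len(v) > 1)


# Constructed sample: the two directives from the post plus a commented-out line.
SAMPLE_CONF = """\
output alert_full: alert
# output log_ascii
output log_tcpdump: tcpdump.log
"""

if __name__ == "__main__":
    for kind, plugins in parse_outputs(SAMPLE_CONF).items():
        print(kind, "->", [name for name, _ in plugins])
    print("stacked types:", stacked_types(SAMPLE_CONF))
```

With the post's two lines each type holds exactly one plugin, so nothing is stacked; adding a second `log_*` directive is what makes the log chain show up as stacked.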


