Snort mailing list archives
Question about 'logto' and 'log_tcpdump'
From: Lin.Zhong () Dartmouth EDU (Lin Zhong)
Date: 08 May 2004 18:49:27 EDT
I see in the snort manual that there is a 'logto' option for the rules:

    logto: filename

Does it log all the traffic that triggers the specific alert to this file in binary mode? Can I still use threshold to control that it only logs part of the traffic?

And I have tried to define a new version of alert as follows:

    ruletype myalert
    {
        type alert
        output alert_CSV: new.alerts default
        output log_tcpdump: log.packet
    }

I have changed the rule correspondingly. But when I run snort, it only gives me the new.alerts log and there is no log.packet file. I tried log_unified too, but it doesn't work either. Can anybody tell me why? And what should I do to make it work?

Many thanks,
Lin