Snort mailing list archives

Re: snort -l <logdir> options disables unsock alert output

From: Sunny James Fugate <sunny.fugate () gmail com>
Date: Mon, 18 Jun 2012 17:53:10 -0600

Subject was intended to read "unsock alert output". 

On Jun 18, 2012, at 5:28 PM, Sunny Fugate wrote:


Simultaneously enabling -A unsock and -l <logdir> appears to disable all alert logging output (packet capture output 
is logged to the specified logdir).   Using -A unsock without specifying a logging directory works as expected and 
binary pcap data is logged to the /var/log/snort directory while alerts are seen on the unix socket.  An instance 
where this may be desired would be logging alerts to a socket while saving pcap to a directory.   

This doesn't look intentional so I suspect it is a bug.

I'm running Snort version 2.9.1.2

Cheers, 


Sunny
------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!



------------------------------------------------------------------------------
Live Security Virtual Conference
Exclusive live event will cover all the ways today's security and 
threat landscape has changed and how IT managers can respond. Discussions 
will include endpoint security, mobile security and the latest in malware 
threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

snort -l <logdir> options disables unlock alert output Sunny Fugate (Jun 18)
- Re: snort -l <logdir> options disables unsock alert output Sunny James Fugate (Jun 18)
  - Re: snort -l <logdir> options disables unsock alert output Sunny Fugate (Jun 19)
- Re: snort -l <logdir> options disables unlock alert output Russ Combs (Jun 19)