Snort mailing list archives
Re: snort -l <logdir> options disables unsock alert output
From: Sunny James Fugate <sunny.fugate () gmail com>
Date: Mon, 18 Jun 2012 17:53:10 -0600
Subject was intended to read "unsock alert output". On Jun 18, 2012, at 5:28 PM, Sunny Fugate wrote:
Simultaneously enabling -A unsock and -l <logdir> appears to disable all alert logging output (packet capture output is logged to the specified logdir). Using -A unsock without specifying a logging directory works as expected and binary pcap data is logged to the /var/log/snort directory while alerts are seen on the unix socket. An instance where this may be desired would be logging alerts to a socket while saving pcap to a directory. This doesn't look intentional so I suspect it is a bug. I'm running Snort version 2.9.1.2 Cheers, Sunny ------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- snort -l <logdir> options disables unlock alert output Sunny Fugate (Jun 18)
- Re: snort -l <logdir> options disables unsock alert output Sunny James Fugate (Jun 18)
- Re: snort -l <logdir> options disables unsock alert output Sunny Fugate (Jun 19)
- Re: snort -l <logdir> options disables unlock alert output Russ Combs (Jun 19)
- Re: snort -l <logdir> options disables unsock alert output Sunny James Fugate (Jun 18)