Re: general questions

[waldo kitty <wkitty42 () windstream net>]

On 3/29/2013 13:22, Jeremy Hoel wrote:
> You need to look at the snort.conf in the output section and see how
> snort outputs it's data.. [...]

funny thing, this... as i've written numerous times before, our particular snort 
installations do not have any output plugins configured and there is nothing in 
the conf or elsewhere that states that snort outputs the text alert and binary 
pcap files /by default/... not unless several of us have missed this in the docs 
somewhere... it took me sending a snort.log.xxxxxxxxxx file to joel for him to 
try to read before he was able to tell us that this was a plain old pcap file...

IMHO, snort should *not* default to naming these as snort.log.xxxxxxxxxx but 
instead snort.pcap.xxxxxxxxxx so as to properly indicate their actual 
contents... granted, if there is an "override" in the output section of the conf 
file, then that should be used but even the examples for defining these should 
not use "log" since it is a pcap instead...

> you need to figure out how you want to use the data in order to
> determine how to output it.

agreed 100%

------------------------------------------------------------------------------
Own the Future-Intel(R) Level Up Game Demo Contest 2013
Rise to greatness in Intel's independent game demo contest. Compete 
for recognition, cash, and the chance to get your game on Steam. 
$5K grand prize plus 10 genre and skill prizes. Submit your demo 
by 6/6/13. http://altfarm.mediaplex.com/ad/ck/12124-176961-30367-2
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!