Snort mailing list archives

Re: unified2 alert files with trailing period and no appended timestamp?


From: Bhagya Bantwal <bbantwal () sourcefire com>
Date: Fri, 17 Jan 2014 13:20:19 -0500

Hello Mike,

Can you send me your snort.conf, pcap and command line?

Thanks!

B


On Fri, Jan 17, 2014 at 9:04 AM, Mike Cox <mike.cox52 () gmail com> wrote:

I'm investigating a client's setup and they are running Snort 2.9.3.1.

The snort conf file has the following line:

*output unified2: filename unified2.alert*

Snort is being run with an explicit '-l' switch to set the log directory.

When I run a pcap through the engine that generates an alert, the unified2
alert filename in the log directory looks like this (note the leading
period and lack of appended timestamp):

*.unified2.alert.0*

Is this a known bug with this version of Snort?  Any other reason why this
would be happening?

Thanks.

-Mike Cox


_______________________________________________
Snort-devel mailing list
Snort-devel () lists sourceforge net
https://lists.sourceforge.net/lists/listinfo/snort-devel
Archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel

Please visit http://blog.snort.org for the latest news about Snort!
