Re: Multiple log files

[Jason Ish <lists () unx ca>]

On Fri, Jan 9, 2015 at 8:49 AM, test engineer <test12524 () gmail com> wrote:
> Thanks Waldo, yes they are pcaps (to be specific).  The odd thing is I'm
> running 8 snort processes. (in a test environment)
>
> /usr/sbin/snort -A fast -U -b -d -e -D -i dag0:0 -c /etc/snort/snort.conf -l
> /var/log/snort
> /usr/sbin/snort -A fast -U -b -d -e -D -i dag0:2 -c /etc/snort/snort.conf -l
> /var/log/snort
> /usr/sbin/snort -A fast -U -b -d -e -D -i dag0:4 -c /etc/snort/snort.conf -l
> /var/log/snort
> etc... up to dag0:14.
>
> Based on your comment, there should be 8 log (pcap) files but there is not
> The question I'm trying to answer is why are there
> 2 or sometimes 3 pcap files?  Also...only one of the pcap files collects
> data, the others are empty.

While it might be possible to do this using a shared logging
directory, I find it easier to manage multiple instances using the
same configuration if you give each its own log directory.  Other
apps, like barnyard2 will be happier with this type of setup as well.

Jason

------------------------------------------------------------------------------
Dive into the World of Parallel Programming! The Go Parallel Website,
sponsored by Intel and developed in partnership with Slashdot Media, is your
hub for all things parallel software development, from weekly thought
leadership blogs to news, videos, case studies, tutorials and more. Take a
look and join the conversation now. http://goparallel.sourceforge.net
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!