Snort mailing list archives

Snort3 generating multiple alert files


From: João Soares <joaops () dei uc pt>
Date: Mon, 16 May 2016 03:51:37 +0100

Greetings,

I'm trying to learn and adapt to snort3 and it's not being easy.

I'm running snort3 with this command:

snort -l /root/snort-logs -A full -i eth0 -c etc/snort/snort.lua -D -z 0 -d -e -w -X -y

I have two questions and I would really appreciate it if you guys
could help me out:

1 - Why is snort3 making a new alert file each time the original file
reaches approximately 4kb? How can I change that?

2 - How can I make snort3 log both alerts and pcaps of intrusions? I
can't get it to work; I have tried combining both the -A and -L options,
but I can only get one of them to be logged.

I'm sorry if these are really obvious questions, but I've read the
manual and I can't seem to find the answers.

Best regards and thank you for your time!

-- 
João Soares

SIC - Serviço de Informática e Comunicações
https://helpdesk.dei.uc.pt
Department of Informatics Engineering
Faculty of Science and Technology
University of Coimbra
