Snort mailing list archives

Re: snort log formats: .log v.s .u2


From: Marcin Dulak <marcin.dulak () gmail com>
Date: Sun, 19 Feb 2017 10:11:19 +0100

Snort log output depends on what's in snort.conf and the command line
switches like -y, -N.
It takes some experimentation to figure out how they interact.

Marcin

On Sun, Feb 19, 2017 at 8:09 AM, Paul Li <paul () scybersecurity com> wrote:

I've been experiencing inconsistent behavior of Snort generating logs. (Using
Snort 2.9.9 on Ubuntu 14.04.)

After a fresh installation, the file format is .u2, but the log files
become .log for some reason.  One thing that is consistent is that if Snort
generates .log files, it will never generate .u2 files.  I want .u2 files:
sometimes deleting the .barnyard2.waldo file helps, sometimes I need to reinstall
Snort.

Kind of feeling it's related to permissions. But really not sure. Wondering
where I could find some good documentation about Snort generating logs.

Thanks,
Paul

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest
Snort news!
