Snort3 does not write to alert_full.txt in daemon mode

[oleg gv via Snort-users <snort-users () lists snort org>]

Hello,
Snort3 does not write to alert_full.txt in daemon mode.

When not in daemon mode (no -D) - it writes it to stdout.

I run snort3:
/usr/bin/snort -D -M --daq-dir /usr/local/lib/snort/daqs --daq-dir
/usr/local/lib/snort_extra/daqs --daq-dir /usr/local/daqm/lib/daq
--create-pidfile -y -t / -l /var/log/idsm/ --plugin-path
/usr/local/lib/snort_extra -c /tmp/snort-config --daq afpacket -i ethernet1
-R /tmp/rules.txt -A alert_full --lua alert_full = { file=true }

 /tmp/rules.txt - contains 1 any-any icmp rule.

At exit I've got in syslog:
.....
snort[4680]: detection
snort[4680]:                  analyzed: 7616
snort[4680]:                hard_evals: 1047
 snort[4680]:              total_alerts: 1047
snort[4680]:                    logged: 1047 -- logged but not apper in
alert_full.txt !
....

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

        To unsubscribe, send an email to:
        snort-users-leave () lists snort org

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette