Snort mailing list archives

SNORT3 - Alerts logging


From: ZdenekChladek_cyber <cyber () dopis cz>
Date: Sat, 06 Oct 2018 10:05:02 +0200

Hello,
I'm studying from the manual how to log alerts:
http://manual-snort-org.s3-website-us-east-1.amazonaws.com/node21.html#SECTION00363000000000000000

Passage from the manual:
******
2.6.3 alert_full
This will print Snort alert messages with full packet headers. The alerts will be written in the default logging directory (/var/log/snort) or in the logging directory specified at the command line.
******

In my configuration I have tried:
alert_full = {file = true, limit = 1, units = G }
but the log is stored in the /home directory in txt format.


I tried to pass the path as the 'filename' parameter in many variations, but none of them work:

alert_full = {/var/log/, limit = 1, units = G }
FATAL: can't load /usr/local/snort/etc/snort/snort.lua: /usr/local/snort/etc/snort/snort.lua:338: unexpected symbol near '/'

alert_full = {'/var/log/', limit = 1, units = G }
ERROR: can't find alert_full

alert_full = {'/var/log/alert.full', limit = 1, units = G }
ERROR: can't find alert_full

alert_full = {alert.full, limit = 1 , units = M }
FATAL: can't init /usr/local/snort/etc/snort/snort.lua: /usr/local/snort/etc/snort/snort.lua:338: attempt to index global 'alert' (a nil value)
Fatal Error, Quitting..


What seems to be different from Snort 2.x are the parameters inside {}. Is there some documentation where I can get enough information for Snort 3?

Thank You
ZAJDAN
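The alert_full block with the Lua quoting fixed and the log directory given on the command line, as an added example that is not part of the post or of the Snort documentation; the set of units values is assumed from Snort 3 builds of that era, and the log path is a placeholder.

```lua
-- Added example snort.lua fragment (not from the post).
-- In Lua a bare identifier such as G or alert.full is a global variable
-- lookup: G evaluates to nil (silently dropped) and alert.full indexes a
-- nil global (the "attempt to index global 'alert'" error). A value that
-- is a string must be quoted, and every entry inside {} is key = value.
alert_full =
{
    file  = true,   -- write to <logdir>/alert_full.txt instead of stdout
    limit = 1,      -- rollover size in the units below (0 = unlimited)
    units = 'G',    -- assumed enum for this era: 'B' | 'K' | 'M' | 'G'
}

-- The module takes no filename or directory key; the directory is the
-- one set on the command line with -l, e.g.
--   snort -c /usr/local/snort/etc/snort/snort.lua -l /var/log/snort
-- Without -l the file lands in the current working directory, which is
-- the likely reason the first attempt wrote under /home.
```

`snort --help-module alert_full` prints the parameters the installed build actually accepts, which is the quickest way to answer the documentation question for any Snort 3 output module.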