Snort mailing list archives

Snort for windows using config file -- Correlated issue when write out to log and try to read log file back in.


From: Don Hall <dhall () rmscollects com>
Date: Tue, 15 Jan 2019 16:52:42 +0000

To the Snort User Community,

I am using Snort v2.9.12 for Windows, and MySQL for Windows.
A similar issue appears when I try to write out to file, and then
turn around and try to read it right back in.

In the snort.conf file, I set the test file size to 5MB.
I remove the nostamp to get unique files, with timestamp extension,
for later data analysis.

When I try to write out to log file using the configuration file,
it writes out, as planned.
But right afterwards, when I try to read it back in with -rd or -dr
command-line arguments, I get the following error:

Running in packet dump mode
                --== Initializing Snort ==--
Initializing Output Plugins!
Pcap DAQ configured to read-file/
The DAQ version does not support reload.
ERROR: Can't initialize DAQ pcap (-1) - bad dump file format
FatalError.  Quitting..
Could not set the event message file.

Suggestions and recommendations to fix the issue appreciated.


Don Hall
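
Snort's `-r` option expects a pcap-format capture file, so one check on the file that was written is to look at its leading bytes. The following is an added example, not part of the original post or of Snort itself: it classifies a file's first bytes and decodes the classic pcap global header. The function name, the script name and the sample inputs are assumptions constructed for illustration.

```python
import struct
import sys

# First four bytes, as stored on disk, of common packet-capture file formats.
MAGICS = {
    b"\xd4\xc3\xb2\xa1": ("pcap", "<"),       # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ("pcap", ">"),       # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": ("pcap-nsec", "<"),  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ("pcap-nsec", ">"),  # big-endian, nanosecond timestamps
    b"\x0a\x0d\x0d\x0a": ("pcapng", None),    # pcapng section header block
}
PCAP_HEADER_LEN = 24  # magic + version (2+2) + thiszone + sigfigs + snaplen + linktype

# Constructed sample inputs (not taken from the post).
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_TEXT = b"[**] [1:1000001:1] constructed alert line [**]\n"


def identify_capture(head: bytes) -> dict:
    """Classify the first bytes of a file; decode the classic pcap global header."""
    if not head:
        return {"format": "empty"}
    entry = MAGICS.get(head[:4])
    if entry is None:
        # Printable leading bytes suggest a text log rather than a binary capture.
        is_text = all(32 <= b < 127 or b in (9, 10, 13) for b in head[:PCAP_HEADER_LEN])
        return {"format": "text" if is_text else "unknown", "magic": head[:4].hex()}
    fmt, endian = entry
    if endian is None:
        return {"format": fmt}
    if len(head) < PCAP_HEADER_LEN:
        return {"format": fmt, "error": "truncated global header"}
    major, minor, _zone, _sigfigs, snaplen, linktype = struct.unpack(
        endian + "HHiIII", head[4:PCAP_HEADER_LEN])
    return {"format": fmt, "version": f"{major}.{minor}",
            "snaplen": snaplen, "linktype": linktype}


if __name__ == "__main__":
    # Usage (script name is hypothetical): python check_capture.py <file written by Snort>
    with open(sys.argv[1], "rb") as fh:
        print(identify_capture(fh.read(PCAP_HEADER_LEN)))
```

A result of `text`, `unknown` or `empty` means the file is not a capture that a pcap reader can open, whatever its name or extension.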


