[Snort-devel] Daemon mode alert file

Joe McAlerney joey at ...63...
Wed Oct 25 22:31:33 EDT 2000


I'm not sure when this was implemented, but in the current CVS version I
noticed that the default logging directory was removed for daemon mode. 
This means if you do not specify a -l argument, Snort will log to a file
called "alert" in the directory in which it was invoked.  Is this the
correct behavior?

I'm guessing that pv.log_dir has some value or another in it by the time
OpenAlertFile is called (possibly the default value of
"/var/log/snort/").  Would it be a good idea to prepend that to the
DEFAULT_DAEMON_ALERT_FILE?  That would essentially make the daemon mode
log to the same place as the normal mode unless the default file name
was changed.

-Joe M.

PS: Jed, line 679 of spo_xml.c is missin' an extra 'i' in ascii.  You
wouldn't catch it unless you compiled with -DDEBUG. :-)

-- 
+--                              --+
| Joe McAlerney, Silicon Defense   |
| http://www.silicondefense.com/   |
+--                              --+