[Snort-devel] Daemon mode alert file

Martin Roesch roesch at ...48...
Wed Oct 25 22:52:07 EDT 2000


Joe McAlerney wrote:
> 
> I'm not sure when this was implemented, but in the current CVS version I
> noticed that the default logging directory was removed for daemon mode.
> This means if you do not specify a -l argument, Snort will log to a file
> called "alert" in the directory in which it was invoked in.  Is this the
> correct behavior?

Nope, someone (probably me) made a mistake on that one...

> I'm guessing that pv.log_dir has some value or another in it by the time
> OpenAlertFile is called (possibly the default value of
> "/var/log/snort/").  Would it be a good ideas to prepend that to the
> DEFAULT_DAEMON_ALERT_FILE?  That would essentially make the daemon mode
> log to the same place as the normal mode unless the default file name
> was changed.

Yes, I'd like that to happen.

    -Marty

-- 
Martin Roesch
roesch at ...48...
http://www.snort.org



More information about the Snort-devel mailing list