[Snort-devel] Logging by Source or Destination IP?

Robert Wagner rwagner at ...1225...
Thu Apr 25 07:23:06 EDT 2002

I am not sure if this is normal or has changed since I upgraded to 1.8.6.
When looking for packets, I usually go to the Source IP under /var/log/snort.
I noticed that some of the packets are logging under the destination IP.
(UDP stood out).

Has something changed?  Thanks in advance for your assistance.  
