[Snort-devel] unified2 alert files with trailing period and no appended timestamp?

Mike Cox mike.cox52 at ...2499...
Fri Jan 17 09:04:49 EST 2014


I'm investigating a client's setup and they are running Snort 2.9.3.1.

The snort conf file has the following line:

*output unified2: filename unified2.alert*

Snort is being run with an explicit '-l' switch to set the log directory.

When I run a pcap thru the engine that generates an alert, the unified2
alert filename in the log directory looks like this (note the leading
period and lack of appended timestamp):

*.unified2.alert.0*

Is this a known bug with this version of Snort?  Any other reason why this
would be happening?

Thanks.

-Mike Cox