[Snort-devel] unified2 alert files with trailing period and no appended timestamp?

Bhagya Bantwal bbantwal at ...402...
Fri Jan 17 13:20:19 EST 2014


Hello Mike,

Can you send me your snort.conf, pcap and command line?

Thanks!

B


On Fri, Jan 17, 2014 at 9:04 AM, Mike Cox <mike.cox52 at ...2499...> wrote:

> I'm investigating a client's setup and they are running Snort 2.9.3.1.
>
> The snort conf file has the following line:
>
> *output unified2: filename unified2.alert*
>
> Snort is being run with an explicit '-l' switch to set the log directory.
>
> When I run a pcap through the engine that generates an alert, the unified2
> alert filename in the log directory looks like this (note the leading
> period and lack of appended timestamp):
>
> *.unified2.alert.0*
>
> Is this a known bug with this version of Snort?  Any other reason why this
> would be happening?
>
> Thanks.
>
> -Mike Cox
>
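The question above concerns how Snort's unified2 output names its files; the thread itself gives no answer. Whatever the file ends up being called, the quickest check during an investigation like this is to read it: unified2 is a flat sequence of records, each prefixed by a 4-byte record type and a 4-byte record length in network byte order. The Python below is an added example, not code from the thread or from the Snort project. It lists candidate unified2 files in a log directory (including dotfiles such as `.unified2.alert.0`, which a bare `ls` hides), walks the records, decodes the legacy IPv4 IDS event and the packet record header, and stops cleanly at a partially written trailing record rather than raising. The record type codes and struct layouts are those of Snort's Unified2Common.h; the sample byte stream, the file names and the temporary directory are constructed for the example.

```python
"""Added example: sanity-check a Snort unified2 log regardless of its file name."""
import os
import re
import socket
import struct
import tempfile
from typing import Iterator, List, Tuple

# Record type codes as defined in Snort's Unified2Common.h
UNIFIED2_PACKET = 2
UNIFIED2_IDS_EVENT = 7
UNIFIED2_IDS_EVENT_IPV6 = 72
UNIFIED2_IDS_EVENT_VLAN = 104
UNIFIED2_IDS_EVENT_IPV6_VLAN = 105
UNIFIED2_EXTRA_DATA = 110

RECORD_HDR = struct.Struct(">II")             # record type, record length (network order)
IDS_EVENT_LEGACY = struct.Struct(">11I2H4B")  # 52-byte Unified2IDSEvent_legacy (IPv4)
PACKET_HDR = struct.Struct(">7I")             # 28-byte Serial_Unified2Packet header


def find_unified2_files(logdir: str, base: str) -> List[str]:
    """Names in logdir that look like unified2 output for `base`: the usual
    `base.<epoch>` form and the dotfile/zero-suffix variant from the thread
    (`.base.0`). Dotfiles are invisible to a bare `ls`, so match them explicitly."""
    pat = re.compile(r"^\.?" + re.escape(base) + r"(\.\d+)?$")
    return sorted(n for n in os.listdir(logdir) if pat.match(n))


def iter_records(data: bytes) -> Iterator[Tuple[int, bytes]]:
    """Yield (record_type, payload). Snort may still be appending to the file,
    so a truncated trailing record ends iteration instead of raising."""
    off = 0
    while off + RECORD_HDR.size <= len(data):
        rtype, rlen = RECORD_HDR.unpack_from(data, off)
        off += RECORD_HDR.size
        if off + rlen > len(data):
            break
        yield rtype, data[off:off + rlen]
        off += rlen


def parse_ids_event(payload: bytes) -> dict:
    """Decode the legacy IPv4 IDS event record (field order per Unified2Common.h)."""
    f = IDS_EVENT_LEGACY.unpack_from(payload)
    return {
        "sensor_id": f[0], "event_id": f[1], "event_second": f[2],
        "sid": f[4], "gid": f[5], "rev": f[6], "class": f[7], "priority": f[8],
        "src": socket.inet_ntoa(struct.pack(">I", f[9])),
        "dst": socket.inet_ntoa(struct.pack(">I", f[10])),
        "sport": f[11], "dport": f[12], "proto": f[13], "blocked": f[16],
    }


def summarize(data: bytes) -> List[tuple]:
    """One tuple per complete record; record types not decoded here are reported by number."""
    out = []
    for rtype, payload in iter_records(data):
        if rtype == UNIFIED2_IDS_EVENT and len(payload) >= IDS_EVENT_LEGACY.size:
            ev = parse_ids_event(payload)
            out.append(("event", ev["gid"], ev["sid"], ev["src"], ev["dst"], ev["dport"]))
        elif rtype == UNIFIED2_PACKET and len(payload) >= PACKET_HDR.size:
            out.append(("packet", PACKET_HDR.unpack_from(payload)[6]))  # packet_length
        else:
            out.append(("other", rtype, len(payload)))
    return out


def build_sample() -> bytes:
    """Constructed unified2 stream (not a real Snort capture): one IDS event for
    gid 1 / sid 1000001, its packet record, then an extra-data record cut short
    the way a file still being written by Snort would be."""
    def ip(s: str) -> int:
        return int.from_bytes(socket.inet_aton(s), "big")
    ev = IDS_EVENT_LEGACY.pack(1, 1, 1389967440, 0, 1000001, 1, 3, 0, 2,
                               ip("10.0.0.5"), ip("192.0.2.10"),
                               45123, 80, 6, 0, 0, 0)
    pkt_data = bytes.fromhex("4500003c")  # stub: first 4 bytes of an IPv4 header
    pkt = PACKET_HDR.pack(1, 1, 1389967440, 1389967440, 0, 1, len(pkt_data)) + pkt_data
    stream = RECORD_HDR.pack(UNIFIED2_IDS_EVENT, len(ev)) + ev
    stream += RECORD_HDR.pack(UNIFIED2_PACKET, len(pkt)) + pkt
    stream += RECORD_HDR.pack(UNIFIED2_EXTRA_DATA, 40) + b"\x00" * 10  # truncated tail
    return stream


def demo_listing() -> List[str]:
    """Constructed log directory holding the name reported in the thread, the
    name one would normally expect, and an unrelated file; returns the matches."""
    with tempfile.TemporaryDirectory() as d:
        for name in (".unified2.alert.0", "unified2.alert.1389967440", "snort.log"):
            open(os.path.join(d, name), "wb").close()
        return find_unified2_files(d, "unified2.alert")


if __name__ == "__main__":
    print(demo_listing())
    for rec in summarize(build_sample()):
        print(rec)
```

Point `find_unified2_files` at the directory given to Snort's `-l` switch and `summarize` at the bytes of whichever file it returns; if the records decode, the file is a usable unified2 stream and only the naming is in question. Only the 52-byte legacy IPv4 event is decoded here; the IPv6, VLAN and MPLS event variants are listed by type code so they are not silently skipped.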