[Snort-users] snort "alert" file is not shown...

Sean C Doherty seand at ...232...
Wed Aug 23 11:19:49 EDT 2000


I ran into a similar problem.  It appears that snort 1.6.3 acts differently
than earlier versions when writing the log file.  The older versions opened,
wrote and then closed the log file on each alert, while 1.6.3 appears to
open the file when run/started, then it keeps it open.  (Older versions did
this when using the -A FAST option.) This can cause sharing violations, etc.,
when doing "stuff" to the log file.

Sean D

> Hi... I was previously using snort 1.62 and before I had scripts to
> periodically delete my /var/log/snort directory while the snort process was
> still running... this caused snort to automatically create a new alert file
> with the new logs... from that period on.... I just recently upgraded to
> 1.63 and this feature doesn't seem to work... the new alert file is not
> created unless I kill the old snort process and start another one..... can
> anyone help with this?
> I am using Red Hat 6.2
> with snort command:
> snort -de -i eth0 -c /rules.file
> Thanks.
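
The two logging behaviours described in this thread, reproduced as an added example (not Snort's code and not written by either poster): it deletes the alert file between alerts and shows which logger recreates it, plus a check that spots a descriptor left pointing at a deleted file. It assumes POSIX unlink semantics, as on the Linux system in the question; the class names, function names and alert strings are hypothetical.

```python
import os
import tempfile

class ReopenLogger:
    """Opens, appends and closes on every alert (older behaviour described above)."""
    def __init__(self, path):
        self.path = path
    def alert(self, msg):
        with open(self.path, "a") as fh:
            fh.write(msg + "\n")

class KeepOpenLogger:
    """Opens once at start-up and holds the descriptor (1.6.3 behaviour described above)."""
    def __init__(self, path):
        self.path = path
        self.fh = open(path, "a")
    def alert(self, msg):
        self.fh.write(msg + "\n")
        self.fh.flush()
    def orphaned(self):
        # True when the held descriptor is not the file now at the path.
        held = os.fstat(self.fh.fileno())
        try:
            on_disk = os.stat(self.path)
        except FileNotFoundError:
            return True
        return (held.st_dev, held.st_ino) != (on_disk.st_dev, on_disk.st_ino)
    def reopen(self):
        # Same effect as restarting the process: a fresh file at the path.
        self.fh.close()
        self.fh = open(self.path, "a")

def run_demo():
    """Delete the alert file between alerts; report what each logger leaves on disk."""
    results = {}
    with tempfile.TemporaryDirectory() as d:
        for name, cls in (("reopen", ReopenLogger), ("keep_open", KeepOpenLogger)):
            path = os.path.join(d, name + ".alert")  # constructed path
            log = cls(path)
            log.alert("constructed alert 1")
            os.remove(path)  # stands in for the periodic cleanup script
            log.alert("constructed alert 2")
            results[name] = os.path.exists(path)
        results["orphaned_before"] = log.orphaned()  # log is the keep-open logger
        log.reopen()
        log.alert("constructed alert 3")
        results["orphaned_after"] = log.orphaned()
        results["recreated"] = os.path.exists(path)
        log.fh.close()
    return results
```

Calling `run_demo()` returns a dict of booleans; with the keep-open logger, "constructed alert 2" goes to the unlinked inode and never appears under the log directory.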
