[Snort-users] Snort Logging

Martin Roesch roesch at ...421...
Sun Nov 26 16:29:30 EST 2000


You can do one of two things:

1) Log in binary mode and then dump the packets to a flat file in readback
mode, for example:

snort -b [other options]

snort -dvr [log filename] > [flat-filename]

2) Write an output plugin to do it.  This would actually be pretty
straightforward if you're feeling motivated.  If that's not your cup of tea, I'll see
if I can whip up a plugin to do it sometime soon.

    -Marty


Curtis Hawthorne wrote:
> 
> How do I tell Snort to log all attacks in a single log
> file "/var/log/snort/snort.log"?  Right now it logs
> them in "/var/log/snort/xxx.xxx.xxx.xxx/TCP:from
> port-to port".  Where xxx.xxx.xxx.xxx is the source IP
> address and "from port" is the originating port and
> "to port" is the destination port.  I am using Snort
> 1.5.1-11 that comes with Debian Potato.
> 
> Thanks!
> 
> Curtis H.

-- 
Martin Roesch
roesch at ...421...
http://www.snort.org
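
An added illustration of option 1 (not code from the original post or from Snort): a minimal Python reader that turns a binary log into one text line per packet, suitable for writing to a single flat file. It assumes the `-b` log is in tcpdump (libpcap) format with an Ethernet link layer; `flatten_pcap`, `build_sample` and the output name `snort.flat` are hypothetical, and the sample packet is constructed.

```python
import socket
import struct

def flatten_pcap(data):
    """Return one text line per Ethernet/IPv4 packet in a libpcap byte string."""
    magic = data[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        end = "<"            # file written on a little-endian host
    elif magic == b"\xa1\xb2\xc3\xd4":
        end = ">"            # file written on a big-endian host
    else:
        raise ValueError("not a libpcap file")
    lines, off = [], 24      # the global header is 24 bytes
    while off + 16 <= len(data):
        ts, _usec, caplen, _origlen = struct.unpack(end + "IIII", data[off:off + 16])
        pkt = data[off + 16:off + 16 + caplen]
        off += 16 + caplen
        if len(pkt) < 34 or pkt[12:14] != b"\x08\x00":
            continue         # truncated record, or not IPv4 over Ethernet
        ihl = (pkt[14] & 0x0F) * 4          # IP header length in bytes
        proto = pkt[23]
        src = socket.inet_ntoa(pkt[26:30])
        dst = socket.inet_ntoa(pkt[30:34])
        l4 = pkt[14 + ihl:]
        if proto in (6, 17) and len(l4) >= 4:
            sport, dport = struct.unpack("!HH", l4[:4])
            name = "TCP" if proto == 6 else "UDP"
            lines.append(f"{ts} {name} {src}:{sport} -> {dst}:{dport}")
        else:
            lines.append(f"{ts} proto={proto} {src} -> {dst}")
    return lines

def build_sample():
    """Constructed sample: one-packet capture, 192.0.2.10:1025 -> 192.0.2.20:80."""
    eth = b"\x00" * 12 + b"\x08\x00"
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 1, 0, 64, 6, 0,
                     socket.inet_aton("192.0.2.10"), socket.inet_aton("192.0.2.20"))
    tcp = struct.pack("!HHIIBBHHH", 1025, 80, 0, 0, 0x50, 0x02, 512, 0, 0)
    pkt = eth + ip + tcp
    ghdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    phdr = struct.pack("<IIII", 975274170, 0, len(pkt), len(pkt))
    return ghdr + phdr + pkt

if __name__ == "__main__":
    with open("snort.flat", "w") as out:    # hypothetical single flat file
        out.write("\n".join(flatten_pcap(build_sample())) + "\n")
```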
