[Snort-users] output to directory
tom at ...2120...
Sat May 26 18:08:16 EDT 2001
I use the following config:

snort chroots to /var/log/snort.d
and logs to dir / (thus to /var/log/snort.d), which works as expected.

I use the tcpdump log feature:

    output log_tcpdump: packet.dump.log

snort does now create many dump logs:

    /var/log/snort.d/0525 at ...2122...
    /var/log/snort.d/0525 at ...2123...
    /var/log/snort.d/0525 at ...2124...
    /var/log/snort.d/0525 at ...2125...
    /var/log/snort.d/0526 at ...2126...

But I prefer to have the dumps in another subdirectory, so I changed my
output config to this:

    output log_tcpdump: packets/packet.dump.log

If I start snort with this config, it complains:

    snort: log_tcpdump TcpdumpInitLogFile(): No such file or directory

So, here's my question: How can I specify a directory for tcpdump logs
_different_ than the "snort-wide" log-directory (as specified with -l)?
kind regards, Tom
=> PGP key: http://daemon.de/key.txt
=> "Experience is what you got when
=> you did not get what you wanted."