[Snort-users] output to directory

Thomas Linden tom at ...2120...
Sat May 26 18:08:16 EDT 2001


I use the following config:
snort chroots to /var/log/snort.d
and logs to dir /  (thus to /var/log/snort.d), which works as expected.

I use the tcpdump log feature:

output log_tcpdump: packet.dump.log

snort now creates many dump logs:
/var/log/snort.d/0525 at ...2122...
/var/log/snort.d/0525 at ...2123...
/var/log/snort.d/0525 at ...2124...
/var/log/snort.d/0525 at ...2125...
/var/log/snort.d/0526 at ...2126...

But I prefer to have the dumps in another subdirectory, so I changed my
output config to this:

output log_tcpdump: packets/packet.dump.log

If I start snort with this config, it complains:

snort: log_tcpdump TcpdumpInitLogFile(): No such file or directory

So, here's my question: How can I specify a directory for tcpdump logs
_different_ than the "snort-wide" log-directory (as specified with -l)?

kind regards, Tom

=> PGP key:  http://daemon.de/key.txt 
=> "Experience is what you got  when
=>  you did not get what you wanted."
