AW: AW: [Snort-users] snort filter

Erek Adams erek at ...577...
Wed Sep 26 14:27:02 EDT 2001


On Wed, 26 Sep 2001, Eduard Meiler wrote:

> doing this I get an error:
>
> Reading network traffic from xxxxx-snort.log file
> ERROR-> unable to open file xxxxx-snort.log for readback : archaic file
> format
> Fatal Error Quitting
>
> any ideas ???

If have these two lines enabled in your config:

 output alert_unified: snort.alert
 output log_unified: snort.log

You'll need to use Barnyard to read and parse the data.  Barnyard is at
http://www.snort.org/downloads.html#1.25 .

If you're not using that, then you may have a corrupt file or something...  :(

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list