FW: [Snort-users] Re: alert_full won't create subdirectories for ip addresses when mysql logging is enabled
fknobbe at ...652...
Wed Dec 4 09:39:02 EST 2002
-----BEGIN PGP SIGNED MESSAGE-----
> -----Original Message-----
> From: Hicks, John [mailto:JHicks at ...5857...]
> Sent: Wednesday, December 04, 2002 10:54 AM
> Out of curiosity, did you use it with 1.8??? I tried on an old copy and got
> "*WARNING*: unknown output plugin "log_ascii", ignoring!". However, on my
> 1.9 node, it works great (I *love* having nicely organized packet files for
> Definitely a needed feature, imho.
Under Snort 1.8.7, I'm using 'output alert_full: alert.ids' in the snort.conf
file and start Snort with the '-d' switch. That will dump the application
layer (packet data) in ASCII into subdirectories. The alert.ids file contains
the summary, and if I want details, I just open the detailed text file in the
subdirectory (I actually have a script that emails me all those on demand).

The 'output log_ascii' does not exist under 1.8.x. I'm not sure how much
different that is from the '-d' switch, but I can't imagine what additional
data it would log since you get the full packet in ASCII
-----BEGIN PGP SIGNATURE-----
Version: PGP Personal Privacy 6.5.8
Comment: PGP or S/MIME (X.509) encrypted email preferred.
-----END PGP SIGNATURE-----
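The "script that emails me all those on demand" mentioned above is not on the list, so here is an added example of how such a script can be put together. It is not code from the original poster or from the Snort project. It assumes two things, both labelled in the comments: that alert.ids is in alert_full format, with each alert carrying a "src:port -> dst:port" line (no port for ICMP), and that Snort's ASCII packet dumps land in one subdirectory per address under the log directory (for example /var/log/snort/10.1.2.3/TCP:4567-80), which is what '-d' on 1.8.x and 'output log_ascii' on 1.9 produce. The sample alert file and packet dump it builds are constructed for the demo, not real captures.

```shell
#!/bin/sh
# Added example (not from the original post or from Snort): for every
# source address that appears in an alert_full summary file, collect the
# summary lines and the per-address packet-dump files so they can be
# reviewed in one piece or piped into mail(1).
#
# Assumptions (adjust to your setup):
#  - ALERTS is in Snort's alert_full format; each alert has a line such as
#    "12/04-09:39:02.123456 10.1.2.3:4567 -> 10.0.0.5:80" (ICMP lines
#    carry no port).
#  - Packet details are written as ASCII text into LOGDIR/<ip>/, one file
#    per flow (e.g. TCP:4567-80, ICMP_ECHO), by "snort -d" on 1.8.x or
#    "output log_ascii" on 1.9.

# Print the unique source addresses found in an alert_full file.
# The "src -> dst" line has "->" as its third field; strip any ":port".
alert_src_ips() {
    awk '$3 == "->" { split($2, a, ":"); print a[1] }' "$1" | sort -u
}

# Print every summary line that mentions the address, as source or
# destination, with or without a port. Compared field by field so that
# 10.1.2.3 does not match 10.1.2.30.
alert_lines_for() {
    awk -v ip="$2" '
        { for (i = 1; i <= NF; i++) { split($i, a, ":"); if (a[1] == ip) { print; next } } }
    ' "$1"
}

# Print the packet-dump files Snort logged under LOGDIR/<ip>/, one per line.
# Prints nothing (and succeeds) when no dump exists for that address.
detail_files() {
    logdir=$1; ip=$2
    [ -d "$logdir/$ip" ] || return 0
    find "$logdir/$ip" -type f | sort
}

# Build the report on stdout: per alerting source, the summary lines and
# then the full dumps. Usage:
#   build_report /var/log/snort/alert.ids /var/log/snort | mail -s snort you
build_report() {
    alerts=$1; logdir=$2
    alert_src_ips "$alerts" | while read -r ip; do
        echo "===== $ip ====="
        alert_lines_for "$alerts" "$ip"
        detail_files "$logdir" "$ip" | while read -r f; do
            echo "--- $f ---"
            cat "$f"
        done
    done
}

# Constructed sample data for the demo (not real Snort output): one TCP
# alert with a matching packet dump and one ICMP alert whose dump is absent.
make_sample() {
    dir=$1
    mkdir -p "$dir/log/10.1.2.3"
    printf 'GET /cgi-bin/test HTTP/1.0\r\n\r\n' > "$dir/log/10.1.2.3/TCP:4567-80"
    cat > "$dir/alert.ids" <<'EOF'
[**] [1:1000001:1] LOCAL test web probe [**]
[Classification: Attempted Information Leak] [Priority: 2]
12/04-09:39:02.123456 10.1.2.3:4567 -> 10.0.0.5:80
TCP TTL:64 TOS:0x0 ID:1 IpLen:20 DgmLen:60 DF

[**] [1:1000002:1] LOCAL test ping [**]
[Classification: Misc activity] [Priority: 3]
12/04-09:40:00.000000 192.168.7.7 -> 10.0.0.5
ICMP TTL:64 TOS:0x0 ID:2 IpLen:20 DgmLen:84
EOF
}

# Demo on the constructed tree: prints a two-section report.
demo=$(mktemp -d)
make_sample "$demo"
build_report "$demo/alert.ids" "$demo/log"
rm -rf "$demo"
```

Run it against the real files by calling build_report with your alert.ids and Snort log directory; the address list is taken from the alert file rather than from the directory names, so dumps that Snort logged for traffic that never alerted are left alone, and an alert whose dump is missing still shows up in the report with its summary lines.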