[Snort-users] How do I change the output log name format
cmccollister at ...7629...
Fri Dec 20 10:40:01 EST 2002

I am reposting this from November 27 hoping for some insight.

I am running a Windows 2000 Pro workstation using Snort 1.9.0, build
209, in IDS mode. After I upgraded to Snort 1.9.0 for Windows, the
output file format changed from snort-mmdd at ...5774... to
snort.log.xxxxxxxxxx. I understand from earlier postings that the new
default format is epoch format. I have also seen references in earlier
posts to use the undocumented -L switch to return the output to the old
format. I tried that as follows:

    snort -c c:\snort\snort.conf -A fast -i 3 -l c:\log -L
    snort -c c:\snort\snort.conf -A fast -i 3 -l c:\log -L snort.log
    snort -L snort -l c:\log -c c:\snort\snort.conf -A fast -i 3

The first line represents the -L switch without any options. It errors
and Snort doesn't start. Lines 2 and 3 both start Snort with an output
filename of snort.log.xxxxxxxxxx. The -L switch does allow me to change
the filename to the left of the period. However, the -L switch didn't
change the output file behavior back to the old default
(snort-mmdd at ...5774...). In the earlier posts the -L switch also didn't
appear to resolve the problem (2002-10-09 01:33 RE: Snort1.9 TCPdump
output file format).

Is there any way to get the old output file format back without
downgrading the version of Snort?
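
Added example, not part of the original post and not Snort code: a post-processing script that reads the epoch suffix of the snort.log.xxxxxxxxxx files described above and plans date-stamped names for them. The target pattern snort-%m%d-%H%M.log and the sample file names are assumptions made for this example, since the old name is truncated in the archive; times are rendered in UTC.

```python
import re
from datetime import datetime, timezone
from pathlib import Path

# Snort 1.9.0 binary logs as described in the post: <name>.<Unix epoch seconds>
EPOCH_LOG = re.compile(r"^(?P<base>.+)\.(?P<epoch>\d{9,10})$")
# Assumed target pattern (strftime syntax); chosen for this example, not Snort's.
TARGET = "snort-%m%d-%H%M.log"

def start_time(filename, tz=timezone.utc):
    """Return the datetime encoded in the epoch suffix, or None if there is none."""
    m = EPOCH_LOG.match(filename)
    if not m:
        return None
    return datetime.fromtimestamp(int(m.group("epoch")), tz)

def plan_renames(filenames, pattern=TARGET, tz=timezone.utc):
    """Map epoch-suffixed names to dated names, oldest first, avoiding collisions."""
    stamped = [(start_time(f, tz), f) for f in filenames]
    taken = {f for t, f in stamped if t is None}  # existing names we must not clobber
    plan = []
    for ts, old in sorted((t, f) for t, f in stamped if t is not None):
        base = Path(ts.strftime(pattern))
        new, n = base.name, 1
        while new in taken:  # e.g. Snort restarted twice within the same minute
            new = f"{base.stem}_{n}{base.suffix}"
            n += 1
        taken.add(new)
        plan.append((old, new))
    return plan

def rename_logs(log_dir, dry_run=True, **kw):
    """Apply the plan inside log_dir; with dry_run=True only return it."""
    log_dir = Path(log_dir)
    plan = plan_renames([p.name for p in log_dir.iterdir() if p.is_file()], **kw)
    if not dry_run:
        for old, new in plan:
            (log_dir / old).rename(log_dir / new)
    return plan

if __name__ == "__main__":
    # Constructed sample names; the first epoch is 2002-12-20 15:40:01 UTC.
    sample = ["snort.log.1040398801", "snort.log.1040398830", "alert.ids"]
    for old, new in plan_renames(sample):
        print(f"{old} -> {new}")
```

Run rename_logs against a copy of the log directory with dry_run=True first, and only while Snort is not writing to the files.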