[Snort-users] How do I change the output log name format

Charles McCollister cmccollister at ...7629...
Fri Dec 20 10:40:01 EST 2002


Greetings all,

I am reposting this from November 27 hoping for some insight.

I am running a Windows 2000 Pro workstation using Snort 1.9.0, build
209, in IDS mode. After I upgraded to Snort 1.9.0 for Windows, the
output file format changed from snort-mmdd at ...5774... to
snort.log.xxxxxxxxxx. I understand from earlier postings that the new
default format is epoch format. I have also seen references in earlier
posts to use the undocumented -L switch to return the output to the old
format. I tried that as follows:

snort -c c:\snort\snort.conf -A fast -i 3 -l c:\log -L

snort -c c:\snort\snort.conf -A fast -i 3 -l c:\log -L snort.log

snort -L snort -l c:\log -c c:\snort\snort.conf -A fast -i 3

The first line represents the -L switch without any options. It errors
and Snort doesn't start. Lines 2 and 3 both start Snort with an output
filename of snort.log.xxxxxxxxxx. The -L switch does allow me to change
the filename to the left of the period. However, the -L switch didn't
change the output file behavior back to the old default
(snort-mmdd at ...5774...). In the earlier posts the -L switch also didn't
appear to resolve the problem (2002-10-09 01:33 RE: Snort1.9 TCPdump
output file format).

Is there any way to get the old output file format back without
downgrading the version of Snort?

Thanks,
Charles McCollister





