[Snort-users] snort packet logging
vctw at ...131...
Sat Feb 2 21:43:02 EST 2002
I have been running snort for weeks. Until yesterday,
I disabled packet logging using the command line switch
'-N'. Now I am trying to enable packet logging by
running snort with the command line as follows:
snort -D -i tun0 -b -u operator -g operator -t /export/snort -c /conf/snort.conf -l /log -L packet
The packets are supposed to be logged into the
/export/snort/log/packet file. After running for several
hours, I only got 3 alerts but the file 'packet' grew
to several megabytes. I tried to read this file using
snort -v -d -r packet
But I got nothing but this:
TCPDUMP file reading mode.
Reading network traffic from "packet" file.
snaplen = 1514
--== Initializing Snort ==--
--== Initialization Complete ==--
-*> Snort! <*-
Version 1.8.3 (Build 88)
By Martin Roesch (roesch at ...1935...,
pcap_loop: bogus savefile header
Snort processed 0 packets.
Snort received signal 3, exiting
Am I doing anything wrong here?
Thanks for your help,