[Snort-users] snort packet logging

Vincent Chen vctw at ...131...
Sat Feb 2 21:43:02 EST 2002


Dear all,

I have been running snort for weeks. Until yesterday,
I disabled packet logging using the command line switch
'-N'. Now I am trying to enable packet logging by
running snort with the following command line:

snort -D -i tun0 -b -u operator -g operator -t /export/snort -c /conf/snort.conf -l /log -L packet

The packets are supposed to be logged into the
/export/snort/log/packet file. After running for several
hours, I only got 3 alerts but the file 'packet' grew
to several megabytes. I tried to read this file using
the command:

snort -v -d -r packet

But I got nothing but this:

TCPDUMP file reading mode.
Reading network traffic from "packet" file.
snaplen = 1514

        --== Initializing Snort ==--

        --== Initialization Complete ==--

-*> Snort! <*-
Version 1.8.3 (Build 88)
By Martin Roesch (roesch at ...1935...,
www.snort.org)
pcap_loop: bogus savefile header

===============================================================================

Snort processed 0 packets.
.
.
.
Snort received signal 3, exiting


Am I doing anything wrong here?


Thanks for your help,

Vincent Chen
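
Added example, not part of the original post and not Snort or libpcap code: a Python walk over the classic libpcap savefile layout (24-byte global header, 16-byte record headers) that reports the first record whose lengths cannot be right, which is one way to locate damage in a binary log such as 'packet'. The 65535 ceiling, the function names and the sample bytes are assumptions constructed for illustration.

```python
import struct
import sys

MAGIC = 0xA1B2C3D4   # classic libpcap savefile magic (microsecond timestamps)
MAX_CAPLEN = 65535   # assumption: sanity ceiling for one captured packet

def check_savefile(data):
    """Walk a libpcap savefile held in bytes; return (ok, findings)."""
    if len(data) < 24:
        return False, ["shorter than the 24-byte global header"]
    for endian in ("<", ">"):          # writer's byte order is unknown
        if struct.unpack(endian + "I", data[:4])[0] == MAGIC:
            break
    else:
        return False, ["magic %s is not a libpcap savefile" % data[:4].hex()]
    major, minor, _, _, snaplen, linktype = struct.unpack(endian + "HHiIII", data[4:24])
    findings = ["pcap %d.%d snaplen=%d linktype=%d" % (major, minor, snaplen, linktype)]
    offset, count = 24, 0
    while offset < len(data):
        if len(data) - offset < 16:
            findings.append("record %d: truncated header at offset %d" % (count, offset))
            return False, findings
        _, _, caplen, wirelen = struct.unpack(endian + "IIII", data[offset:offset + 16])
        if caplen > MAX_CAPLEN or caplen > wirelen:
            findings.append("record %d at offset %d: implausible caplen=%d len=%d"
                            % (count, offset, caplen, wirelen))
            return False, findings
        if offset + 16 + caplen > len(data):
            findings.append("record %d at offset %d: payload truncated" % (count, offset))
            return False, findings
        offset += 16 + caplen
        count += 1
    findings.append("%d records parsed cleanly" % count)
    return True, findings

def _record(payload, caplen=None):
    """Constructed sample record; caplen can be forced to a bad value."""
    n = len(payload) if caplen is None else caplen
    return struct.pack("<IIII", 1012704182, 0, n, len(payload)) + payload

# Constructed sample data, not taken from the poster's capture.
HEADER = struct.pack("<IHHiIII", MAGIC, 2, 4, 0, 0, 1514, 1)
GOOD = HEADER + _record(b"\x00" * 60) + _record(b"\x00" * 42)
BAD = HEADER + _record(b"\x00" * 60) + _record(b"\x00" * 42, caplen=0x10000000)

if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else BAD
    ok, findings = check_savefile(blob)
    print("OK" if ok else "DAMAGED", *findings, sep="\n  ")
```

Run with a capture file path as the only argument to check that file; with no argument it checks the constructed damaged sample.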







