[Snort-users] Snort1.9 TCPdump output file format
erek at ...577...
Tue Oct 8 09:04:02 EDT 2002
On Tue, 8 Oct 2002, Grime, Richard S wrote:
> Just brought a snort 1.9 box up - the TCPDump file format is now coming out
> Instead of the (expected) format of:
> Is there a way to change this back?
> RH7.1 x86 / Snort 1.9.0 (209)
Yes, but you might not want to do that.
With the filenames in the old format, you could overwrite logfiles within the
same hour. With it using the Unix epoch date tagged on the back, you can't.
If you want to change it, look at the "-L" option. From the man page:
Set the filename of the binary log file to binary-log-
file. If this switch is not used, the default name is a
timestamp for the time that the file is created plus
It's not listed in the -?, but it is there.