[Snort-users] Snort1.9 TCPdump output file format

Grime, Richard S richard.grime at ...1913...
Wed Oct 9 01:34:02 EDT 2002


Erek,

Thanks for the advice - but using -L still seems to give the epoch format.
I see your point and eventually want to move onto this format, but any other
ideas on getting back the <month><day> format in the mean time?

It must be looking at the -L, because now I get:

WARNING: command line overrides rules file logging plugin!

Thanks,

Richard



>> Just brought a snort 1.9 box up - the TCPDump file format is now 
>> coming out
>> as:
>>
>> snort.log.xxxxxxxxxx
>>
>> Instead of the (expected) format of:
>>
>> <month><day>@<hour>-snort.log
>>
>> Is there a way to change this back?
>>
>> RH7.1 x86 / Snort 1.9.0 (209)

>Yes, but you might not want to do that.
>
>With the filenames in the old format, you could overwrite logfiles within
>the same hour.  With it using the Unix epoch date tagged on the back, you
>can't.
>
>If you want to change it look at the "-L" option.  From the man page:
>
>     -L binary-log-file
>          Set the filename of the binary log file to  binary-log-
>          file. If this switch is not used, the default name is a
>          timestamp for the time that the file  is  created  plus
>          "snort.log".
>
>It's not listed in the -?, but it is there.

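Added example, not part of the thread above and not Snort's own code: a small POSIX sh script that maps Snort 1.9's epoch-tagged binary log names (snort.log.<epoch>) back to the older <month><day>@<hour>-snort.log style after the fact, and makes Erek's objection concrete by reporting the captures that would have collided. It assumes the old-style name is rendered as strftime "%b%d@%H" in UTC (the thread only gives the placeholders, so the exact rendering is an assumption), and that either GNU date (-d @EPOCH) or BSD date (-r EPOCH) is available. The file names in the demo are constructed, not taken from a real sensor.

```shell
#!/bin/sh
# Added example (not from the list thread or from the Snort project):
# turn Snort 1.9's epoch-tagged binary log names (snort.log.<epoch>) back into
# the older <month><day>@<hour>-snort.log style, and show why Erek warned
# against it: every capture started within the same hour maps to one name.
#
# Assumptions (not stated on the page): the old-style name is rendered with
# strftime "%b%d@%H" in UTC; `date -d @EPOCH` (GNU) or `date -r EPOCH` (BSD)
# is available.

# Format an epoch as <month><day>@<hour> in UTC and the C locale.
epoch_to_hour_stamp() {
    _e=$1
    LC_ALL=C TZ=UTC date -u -d "@$_e" +%b%d@%H 2>/dev/null ||
        LC_ALL=C TZ=UTC date -u -r "$_e" +%b%d@%H
}

# Map snort.log.<epoch> to <month><day>@<hour>-snort.log; reject anything else.
snort_old_name() {
    case $1 in
        snort.log.[0-9]*) ;;
        *) echo "not an epoch-tagged snort log: $1" >&2; return 1 ;;
    esac
    _stamp=$(epoch_to_hour_stamp "${1#snort.log.}") || return 1
    printf '%s-snort.log\n' "$_stamp"
}

# Given old-style names on stdin, print each name that appears more than once,
# i.e. the captures that would have overwritten each other.
collisions() {
    sort | uniq -d
}

# Link epoch-named files under $2 into $1 using old-style names, refusing to
# clobber: the second capture in an hour is reported instead of silently lost.
relink_old_style() {
    _dst=$1; _src=$2; _rc=0
    for _f in "$_src"/snort.log.[0-9]*; do
        [ -e "$_f" ] || continue
        _new=$(snort_old_name "$(basename "$_f")") || { _rc=1; continue; }
        if [ -e "$_dst/$_new" ]; then
            echo "collision: $_f would overwrite $_dst/$_new" >&2
            _rc=1
        else
            ln -s "$_f" "$_dst/$_new"
        fi
    done
    return $_rc
}

# Demo with constructed names: three captures, two of them in the same hour
# (1034141642 and 1034142000 are both 05:xx UTC on 2002-10-09).
if [ "${1:-}" = demo ]; then
    for n in snort.log.1034141642 snort.log.1034142000 snort.log.1034143200; do
        printf '%s -> %s\n' "$n" "$(snort_old_name "$n")"
    done
    printf '%s\n' snort.log.1034141642 snort.log.1034142000 snort.log.1034143200 |
        while read -r n; do snort_old_name "$n"; done | collisions
fi
```

Run it as `sh script.sh demo` to see the mapping and the one colliding name. relink_old_style only creates symlinks, so the epoch-named originals Snort wrote stay intact; the non-zero exit on a collision is the overwrite hazard Erek describes, surfaced instead of silently losing the earlier capture.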