[Snort-users] Question on /var/log/snort directory

Matt Kettler mkettler at ...4108...
Tue Apr 29 14:55:03 EDT 2003


Those files will contain ASCII packet dumps of packets that triggered 
alerts. You can make snort use the much faster tcpdump binary format for 
these dumps by enabling "log tcpdump" in your snort.conf.

At 04:46 PM 4/29/2003 -0400, stormshadow wrote:
>I was hoping someone could explain some things to me about this
>directory.
>
>I have 4 subdirectories (named after the 4 computers' IPs in my lan) in
>the /var/log/snort directory. Within each directory is something
>similar to this stuff:
>
>TCP:1202-139
>TCP:1239-80
>
>the list goes on and on for each IP. Any ideas?
>Thanks
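
An added example, not part of either message above: a way to take stock of the layout described in this thread by walking a log directory that holds one subdirectory per IP and tallying the dump files named like `TCP:1202-139`. The function names, the `192.0.2.10` sample tree and its file contents are constructed for illustration, and the pattern covers only the name form shown in the question.

```python
import os
import re
import tempfile
from collections import Counter

# Name pattern from the listing in the question, e.g. "TCP:1202-139". The thread
# does not say which number is the source port, so no direction is assumed.
NAME_RE = re.compile(r"^([A-Z]+):(\d{1,5})-(\d{1,5})$")

def parse_name(name):
    """Return (proto, first_port, second_port), or None if the name does not fit."""
    m = NAME_RE.match(name)
    if not m:
        return None
    first, second = int(m.group(2)), int(m.group(3))
    if first > 65535 or second > 65535:
        return None  # not a valid port number
    return m.group(1), first, second

def summarize(log_root):
    """Map each per-IP subdirectory to its dump count, total size and port tally."""
    report = {}
    for host in sorted(os.listdir(log_root)):
        host_dir = os.path.join(log_root, host)
        if os.path.islink(host_dir) or not os.path.isdir(host_dir):
            continue  # top-level files are not per-host dump directories
        entry = {"files": 0, "bytes": 0, "pairs": Counter(), "unparsed": []}
        for name in sorted(os.listdir(host_dir)):
            path = os.path.join(host_dir, name)
            parsed = parse_name(name)
            if parsed is None or os.path.islink(path) or not os.path.isfile(path):
                entry["unparsed"].append(name)  # list it rather than guess
                continue
            entry["files"] += 1
            entry["bytes"] += os.path.getsize(path)
            entry["pairs"][(parsed[0], parsed[2])] += 1  # protocol + second number
        report[host] = entry
    return report

if __name__ == "__main__":
    # Constructed sample tree; the IP and file contents are made up.
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "192.0.2.10"))
        for name in ("TCP:1202-139", "TCP:1239-80", "TCP:1300-80", "README"):
            with open(os.path.join(root, "192.0.2.10", name), "w") as fh:
                fh.write("constructed dump\n")
        for host, e in summarize(root).items():
            print(host, e["files"], "dumps,", e["bytes"], "bytes")
            for (proto, port), n in e["pairs"].most_common():
                print(f"  {proto} *-{port}: {n}")
            print("  unparsed:", e["unparsed"])
```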




