[Snort-users] Not logging ICMP with logto:

Toby Rodwell trodwell at ...10764...
Tue Dec 16 09:20:09 EST 2003

I'm just getting to grips with Snort.  I've got a VERY simple conf file at
the moment:-

config dump_payload
config logdir: /var/snort/log
log icmp any any -> any any (logto:"icmp.log";)
log ip any any -> any any (logto:"ip.log";)

... which records ALL IP packets, including icmp, in the 'ip.log', when I
had expected all the ICMP packets to go into .../icmp.log.  What gives?


