[Snort-users] Not logging ICMP with logto:

Toby Rodwell trodwell at ...10764...
Tue Dec 16 09:20:09 EST 2003


I'm just getting to grips with Snort.  I've got a VERY simple conf file at
the moment:-

config dump_payload
config logdir: /var/snort/log
log icmp any any -> any any (logto:"icmp.log";)
log ip any any -> any any (logto:"ip.log";)

... which records ALL IP packets, including icmp, in the 'ip.log', when I
had expected all the ICMP packets to go into .../icmp.log.  What gives?

Thanks
Toby


---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.551 / Virus Database: 343 - Release Date: 11/12/2003





More information about the Snort-users mailing list