[Snort-users] Syntax question

Dustin Decker dustind at ...7902...
Sat Jan 4 07:32:02 EST 2003


Hello all,
I'm new to the list, and using Snort 1.9.0 (Build 209). 

I'm logging to a binary file in /var/log/snort_dumps, and later replaying
them into my DB by hand using the -r flag.  I'm getting ready to make this
somewhat automated, and have hit a minor snag.  I use the -L flag with
snort to indicate I wish the binary file be named based on the cheesy
variable you see displayed below:

[snippet from my shell script]
STAMP=`/bin/date +%m%d%y-%H`

/usr/sbin/snort -b -L /var/log/snort_dumps/$STAMP -i eth0 -c \
	/etc/snort/snort.conf

This is suiting my purposes quite well, with one exception.  I get file
names such as this: 010403-09.1041693435

Any recommendations on getting rid of the additional ".1041693435" portion
of the file name?  I had expected that -L would override this, but it
doesn't appear to.  Many thanks,

Dustin
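
A post-processing step for the naming issue described above, as an added example that is not part of the original post and is not Snort's own code: it renames dumps in a directory to drop a trailing all-digit suffix such as ".1041693435", leaves the capture that is still being written alone, and refuses to overwrite when two dumps share the same stamp. The function name strip_dump_suffix and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example (not from the original post). Renames NAME.<digits> to NAME
# in a dump directory so a replay job can rely on the $STAMP-only names.
#
# Usage with the post's layout:
#   strip_dump_suffix /var/log/snort_dumps "$(/bin/date +%m%d%y-%H)"

# strip_dump_suffix DIR [ACTIVE_STAMP]
#   DIR           directory holding the binary dumps
#   ACTIVE_STAMP  stamp of the capture still running; its file is left alone
# Prints the number of files renamed.
strip_dump_suffix() {
    dir=$1
    active=${2:-}
    renamed=0
    for f in "$dir"/*.*; do
        [ -f "$f" ] || continue                # unmatched glob or not a regular file
        base=${f##*/}
        stamp=${base%.*}                       # part before the last dot
        suffix=${base##*.}                     # part after the last dot
        case $suffix in
            ''|*[!0-9]*) continue ;;           # suffix is not purely numeric
        esac
        [ "$stamp" = "$active" ] && continue   # capture may still be writing
        if [ -e "$dir/$stamp" ]; then
            # Two captures started under the same stamp (e.g. a restart within
            # the hour): keep the suffixed file rather than clobber the other.
            echo "skip $base: $dir/$stamp already exists" >&2
            continue
        fi
        mv -- "$f" "$dir/$stamp" && renamed=$((renamed + 1))
    done
    echo "$renamed"
}
```

Files skipped because of a name collision keep their suffix and are reported on stderr, so the replay job can pick them up explicitly.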





