[Snort-users] Syntax question

Papa Mike online_puppy at ...4554...
Sun Jan 5 20:08:04 EST 2003


--- Dustin Decker <dustind at ...7902...> wrote:
> Hello all,
> I'm new to the list, and using Snort 1.9.0 (Build 209).
>
> I'm logging to a binary file in /var/log/snort_dumps, and later replaying
> them into my DB by hand using -r flag.  I'm getting ready to make this
> somewhat automated, and have hit a minor snag.  I use the -L flag with
> snort to indicate I wish the binary file be named based on the cheezy
> variable you see displayed below:
>
> [snippet from my shell script]
> STAMP=`/bin/date +%m%d%y-%H`
>
> /usr/sbin/snort -b -L /var/log/snort_dumps/$STAMP -i eth0 -c \
> 	/etc/snort/snort.conf
>
> This is suiting my purposes quite well, with one exception.  I get file
> names such as this:	010403-09.1041693435
>
> Any recommendations on getting rid of the additional ".1041693435" portion
> of the file name?

Funny.  I'm running 1.8.6 and my default tracefile
naming convention is "snort-MMdd at ...4010...".  That's
without using the '-L' switch.  When you do, you
should just specify the filename, not the path.  Give
the path with the '-l' switch.
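
An added example, not part of either post: a replay helper that accepts the ".<epoch>" suffix reported in the question and selects dumps by stamp, with the directory given via -l and the base name via -L as the reply suggests. The function names are hypothetical, and the script only prints the snort commands rather than running them.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Snort appends ".<epoch>" to the
# -L name, as the question reports. Paths below are the ones used in the post.
DUMP_DIR=${DUMP_DIR:-/var/log/snort_dumps}
CONF=${CONF:-/etc/snort/snort.conf}

# Print the capture command with directory (-l) and base name (-L) separated.
capture_cmd() {
    printf '/usr/sbin/snort -b -l %s -L %s -i eth0 -c %s\n' "$DUMP_DIR" "$1" "$CONF"
}

# Drop a trailing ".<digits>" from a name; names without one are unchanged.
strip_epoch_suffix() {
    printf '%s\n' "$1" | sed 's/\.[0-9][0-9]*$//'
}

# List dumps for one stamp, oldest first by numeric epoch suffix.
# Only "<stamp>.<digits>" is accepted, so stray ".bak" copies are skipped.
dumps_for_stamp() {
    dir=$1 stamp=$2
    for f in "$dir/$stamp".*; do
        [ -f "$f" ] || continue
        suffix=${f#"$dir/$stamp".}
        case $suffix in
            ''|*[!0-9]*) continue ;;
        esac
        printf '%s %s\n' "$suffix" "$f"
    done | sort -n | cut -d' ' -f2-
}

# Print one replay (-r) command per dump; pipe the output to sh to execute.
replay_cmds() {
    dumps_for_stamp "$1" "$2" | while IFS= read -r f; do
        printf '/usr/sbin/snort -r %s -c %s\n' "$f" "$CONF"
    done
}

STAMP=$(date +%m%d%y-%H)
capture_cmd "$STAMP"
replay_cmds "$DUMP_DIR" "$STAMP"
```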
