[Snort-users] alert_full AND log_tcpdump
nkrukauskas at ...10060...
Thu Sep 11 04:38:24 EDT 2003
Is it possible to get SNORT to log packets in both alert_full
(alert log file with packet files in directories per IP address) and
log_tcpdump (binary tcpdump format) modes?
The Snort manual says: "When multiple plugins of the same type
(log, alert) are specified, they are stacked and called in sequence
when an event occurs." Am I reading it wrong, or am I doing something
wrong in the snort.conf file?
In snort.conf I have specified:
output alert_full: alert
output log_tcpdump: tcpdump.log
But then Snort logs alerts in the file "alert" and packets in
"tcpdump.log". If I comment out the tcpdump.log line in snort.conf, then I get
packets in per-IP directories. But I need them both... :(
My snort command line: snort -o -e -c snort.conf -X -d -y -D -i eth0
NK @ Vilnius
P.S. Sorry if I haven't been clear enough. English is not my native
language (as one can guess from my name)... :)