[Snort-users] Question about 'logto' and 'log_tcpdump'
Lin.Zhong at ...11426...
Sat May 8 15:50:03 EDT 2004
I see in the Snort manual that there is a 'logto' option for rules: logto: filename
Does it log all the traffic that triggers the specific alert to this file in binary mode? Can I still use threshold to control that it only logs part of the traffic?
And I have tried to define a new version of alert as follows
output alert_CSV: new.alerts default
output log_tcpdump: log.packet
I have changed the rule correspondingly.
But when I run Snort, it only gives me the new.alerts log and there is no log.packet file. I tried log_unified too, but it doesn't work either.
Can anybody tell me why? And what should I do to make it work?
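The following is an added diagnostic example, not part of the original post or of Snort itself. When an output plugin such as log_tcpdump is expected to produce a packet log, the first check is whether the file exists and whether it actually contains well-formed libpcap records (a 24-byte global header followed by 16-byte record headers). The script below assumes only the standard libpcap file layout (magic 0xa1b2c3d4, or 0xa1b23c4d for nanosecond timestamps, in either byte order); the sample pcap it inspects is constructed in memory so it runs without a real log.packet file.

```python
import os
import struct
import sys
from typing import Tuple

# libpcap magic values as they appear when the first four bytes are
# decoded little-endian; the swapped values mean the file is big-endian.
LE_MAGICS = {0xA1B2C3D4, 0xA1B23C4D}
BE_MAGICS = {0xD4C3B2A1, 0x4D3CB2A1}


def build_sample_pcap() -> bytes:
    """Constructed sample: a minimal little-endian libpcap file with two records."""
    # Global header: magic, major 2, minor 4, thiszone, sigfigs, snaplen, linktype 1 (Ethernet)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    records = b""
    for i, payload in enumerate((b"\x00" * 60, b"\xff" * 74)):
        # Record header: ts_sec, ts_usec, incl_len, orig_len (constructed timestamps)
        records += struct.pack("<IIII", 1083959403 + i, 0, len(payload), len(payload))
        records += payload
    return header + records


def inspect_pcap(data: bytes) -> Tuple[int, int, str]:
    """Return (packet_count, bytes_captured, status) for a libpcap byte blob."""
    if len(data) == 0:
        return (0, 0, "empty")
    if len(data) < 24:
        return (0, 0, "truncated header")
    magic = struct.unpack("<I", data[:4])[0]
    if magic in LE_MAGICS:
        endian = "<"
    elif magic in BE_MAGICS:
        endian = ">"
    else:
        return (0, 0, "not a pcap file")

    offset, count, captured = 24, 0, 0
    while offset + 16 <= len(data):
        _ts_sec, _ts_usec, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[offset:offset + 16]
        )
        offset += 16
        if offset + incl_len > len(data):
            # Record header promises more bytes than the file holds: a cut-off write.
            return (count, captured, "truncated record")
        offset += incl_len
        count += 1
        captured += incl_len
    if offset != len(data):
        return (count, captured, "trailing bytes")
    return (count, captured, "ok")


def inspect_pcap_file(path: str) -> Tuple[int, int, str]:
    """Like inspect_pcap, but reports 'missing' when the log file was never created."""
    if not os.path.exists(path):
        return (0, 0, "missing")
    with open(path, "rb") as fh:
        return inspect_pcap(fh.read())


if __name__ == "__main__":
    # Usage: python inspect_pcap.py /path/to/log.packet
    target = sys.argv[1] if len(sys.argv) > 1 else "log.packet"
    print(target, inspect_pcap_file(target))
    print("constructed sample", inspect_pcap(build_sample_pcap()))
```

A status of "missing" or "empty" points at the Snort output configuration (the plugin never wrote anything), while "truncated record" or "trailing bytes" points at a write that was interrupted, for example by Snort being stopped before the log was flushed.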