[Snort-users] snort version 2.4.3 not working properly?

Dirk Geschke Dirk_Geschke at ...1344...
Mon Nov 21 08:52:10 EST 2005


> Hello,
>     I'm running version 2.4.3 of snort and here's the issue.
> 
> Observe the following...
> 
> snort-2.4.3 is the latest we have.
> # pwd
> /usr/local/src/snort-2.4.3/src
> ids1# ./snort -de -l temp -r /var/log/snort/tcpdump.log.1132578001
> Running in packet logging mode
> Log directory = temp
> TCPDUMP file reading mode.
> Reading network traffic from "/var/log/snort/tcpdump.log.1132578001" file.
> snaplen = 1514
> ---REST OF OUTPUT OMITTED as there does not seem to be a problem-

Maybe you should read it instead of omitting? There should be a line like:

  The default logging mode is now PCAP, use "-K ascii" to activate 
  the old default logging mode.

Starting with 2.4.1 the default is to use a pcap file, not the ascii as you
observe with 2.4.0 and before...

Best regards

Dirk




