[Snort-users] More questions on Snort/barnyard

sudhakar govindavajhala sudhakarg79spam at ...11827...
Thu Jan 31 13:01:41 EST 2008

Thanks Paul.

> 2) Why do I get this error?  How can I shut this off?  Is this warning a
> problem?
> WARNING: Unable to extract timestamp file extension from 'snort.log'

Shut what off?

Sudhakar: Why do I get this warning? "WARNING: Unable to extract timestamp file
extension from 'snort.log'"

What can I do to turn off this warning?


> 3) What is a good size to set for files below?
># Two arguments are supported.
>#    filename - base filename to write to (current time_t is appended)
>#    limit    - maximum size of spool file in MB (default: 128)
>  output alert_unified: filename snort.alert, limit 128
>  output log_unified: filename snort.log, limit 128
> What happens when the file size (128) is reached? Does Snort die or

The defaults are fine.  When they're reached, snort simply starts a new

> 4) I briefly looked at implementation of barnyard. I may be wrong here.
> does barnyard poll the directory? Is it busy-looping?

It watches for new entries in the log.

> 5) What is the difference between alert and log?  I am thinking alert is
> human readable version.  What is the difference between snort.log and
> snort.log.timestamp?

You really need to learn how to do your own research.  Most of your
have already been asked hundreds of times and answered.


Paul Schmehl (pauls at ...6838...)
Senior Information Security Analyst
The University of Texas at Dallas
