[Snort-users] snort -l <logdir> options disables unlock alert output
fugate at ...15674...
Mon Jun 18 19:28:43 EDT 2012
Simultaneously enabling -A unsock and -l <logdir> appears to disable all alert logging output (packet capture output is logged to the specified logdir). Using -A unsock without specifying a logging directory works as expected and binary pcap data is logged to the /var/log/snort directory while alerts are seen on the unix socket. An instance where this may be desired would be logging alerts to a socket while saving pcap to a directory.
This doesn't look intentional so I suspect it is a bug.
I'm running Snort version 22.214.171.124
More information about the Snort-users