[Snort-users] snort -l <logdir> option disables unsock alert output

Sunny Fugate fugate at ...15674...
Mon Jun 18 19:28:43 EDT 2012


Simultaneously enabling -A unsock and -l <logdir> appears to disable all alert logging output (packet capture output is logged to the specified logdir). Using -A unsock without specifying a logging directory works as expected and binary pcap data is logged to the /var/log/snort directory while alerts are seen on the unix socket. An instance where this may be desired would be logging alerts to a socket while saving pcap to a directory.

This doesn't look intentional so I suspect it is a bug.

I'm running Snort version 2.9.1.2

Cheers, 


Sunny


