[Snort-users] snort -l <logdir> options disables unsock alert output

Sunny James Fugate sunny.fugate at ...11827...
Mon Jun 18 19:53:10 EDT 2012


Subject was intended to read "unsock alert output". 

On Jun 18, 2012, at 5:28 PM, Sunny Fugate wrote:

> 
> Simultaneously enabling -A unsock and -l <logdir> appears to disable all alert logging output (packet capture output is logged to the specified logdir). Using -A unsock without specifying a logging directory works as expected and binary pcap data is logged to the /var/log/snort directory while alerts are seen on the unix socket. An instance where this may be desired would be logging alerts to a socket while saving pcap to a directory.
> 
> This doesn't look intentional so I suspect it is a bug.
> 
> I'm running Snort version 2.9.1.2
> 
> Cheers, 
> 
> 
> Sunny