[Snort-users] snort -l <logdir> option disables unsock alert output

Russ Combs rcombs at ...1935...
Tue Jun 19 10:40:26 EDT 2012


Please send the command lines you are using in each case so we can
determine in which mode Snort is operating.

Thanks
Russ

On Mon, Jun 18, 2012 at 7:28 PM, Sunny Fugate <fugate at ...15674...> wrote:

>
> Simultaneously enabling -A unsock and -l <logdir> appears to disable all
> alert logging output (packet capture output is logged to the specified
> logdir). Using -A unsock without specifying a logging directory works as
> expected and binary pcap data is logged to the /var/log/snort directory
> while alerts are seen on the unix socket.  An instance where this may be
> desired would be logging alerts to a socket while saving pcap to a
> directory.
>
> This doesn't look intentional so I suspect it is a bug.
>
> I'm running Snort version 2.9.1.2
>
> Cheers,
>
>
> Sunny