[Snort-users] snort -l <logdir> options disables unlock alert output

Russ Combs rcombs at ...1935...
Tue Jun 19 10:40:26 EDT 2012

Please send the command lines you are using in each case so we can
determine in which mode Snort is operating.


On Mon, Jun 18, 2012 at 7:28 PM, Sunny Fugate <fugate at ...15674...> wrote:

> Simultaneously enabling -A unsock and -l <logdir> appears to disable all
> alert logging output (packet capture output is logged to the specified
> logdir).   Using -A unsock without specifying a logging directory works as
> expected and binary pcap data is logged to the /var/log/snort directory
> while alerts are seen on the unix socket.  An instance where this may be
> desired would be logging alerts to a socket while saving pcap to a
> directory.
> This doesn't look intentional so I suspect it is a bug.
> I'm running Snort version
> Cheers,
> Sunny
> ------------------------------------------------------------------------------
> Live Security Virtual Conference
> Exclusive live event will cover all the ways today's security and
> threat landscape has changed and how IT managers can respond. Discussions
> will include endpoint security, mobile security and the latest in malware
> threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
> Please visit http://blog.snort.org to stay current on all the latest
> Snort news!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20120619/ee1da26e/attachment.html>

More information about the Snort-users mailing list