[Snort-users] snort -l <logdir> options disables unsock alert output

Sunny Fugate fugate at ...15674...
Tue Jun 19 11:44:50 EDT 2012


Never mind... apparently I need more sleep. The location of the unsock file is wherever you tell it to be, as specified by the -l option or your snort.conf.

-S

On Jun 18, 2012, at 5:53 PM, Sunny James Fugate wrote:

> Subject was intended to read "unsock alert output". 
> 
> On Jun 18, 2012, at 5:28 PM, Sunny Fugate wrote:
> 
>> 
>> Simultaneously enabling -A unsock and -l <logdir> appears to disable all alert logging output (packet capture output is logged to the specified logdir). Using -A unsock without specifying a logging directory works as expected and binary pcap data is logged to the /var/log/snort directory while alerts are seen on the Unix socket. An instance where this may be desired would be logging alerts to a socket while saving pcap to a directory.
>> 
>> This doesn't look intentional so I suspect it is a bug.
>> 
>> I'm running Snort version 2.9.1.2
>> 
>> Cheers, 
>> 
>> 
>> Sunny
> 
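
The resolution of this thread, as an added example that is not part of the original messages: a listener that binds the alert socket inside whatever directory Snort was given with -l, so alerts keep arriving when the log directory is moved. The socket file name `snort_alert` and the 256-byte leading message field are taken from Snort 2.x's `Alertpkt` layout, not from the thread; the function names are hypothetical.

```python
import os
import socket
import sys

SOCK_NAME = "snort_alert"   # file name Snort 2.x uses for -A unsock (assumption, not from the thread)
ALERTMSG_LENGTH = 256       # size of the leading alertmsg field in Alertpkt (assumption)


def unsock_path(logdir="/var/log/snort"):
    """Path Snort sends alerts to: the socket lives inside the log directory."""
    return os.path.join(logdir, SOCK_NAME)


def open_listener(logdir):
    """Bind a datagram socket at <logdir>/snort_alert; Snort is the sender."""
    path = unsock_path(logdir)
    if os.path.exists(path):
        os.unlink(path)      # clear a stale socket file left by an earlier run
    sock = socket.socket(socket.AF_UNIX, socket.SOCK_DGRAM)
    sock.bind(path)
    return sock


def alert_message(datagram):
    """Return the NUL-terminated alert text at the start of an alert datagram."""
    field = datagram[:ALERTMSG_LENGTH]
    return field.split(b"\x00", 1)[0].decode("ascii", "replace")


if __name__ == "__main__":
    # Pass the same directory that Snort was started with via -l.
    logdir = sys.argv[1] if len(sys.argv) > 1 else "/var/log/snort"
    listener = open_listener(logdir)
    print("listening on", unsock_path(logdir))
    while True:
        # Buffer is smaller than a full Alertpkt; the message field is at the front.
        print(alert_message(listener.recv(131072)))
```
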




