[Snort-users] SNORT not saving pcap file

jtravlos at ...15803... jtravlos at ...15803...
Thu Oct 25 14:54:45 EDT 2012


I'm running snort 2.9.3.1 on CentOS 6.3 capturing traffic via Endace DAG card. I want to save to a file (pcap format) the traffic that it sees. I know in snort.conf there are some settings, but it does not appear to save the file. Whenever I use the snort.conf, it is not saved.


The settings are:
config logdir: /data/snortlog


# pcap
output log_tcpdump: tcpdump.log


The command I'm using to start snort:


./snort -d -b -i dag0:0 -c /etc/snort/snort.conf


If I use this, I get a file that tcpdump can read, but no detailed packet info.


./snort -d -b -i dag0:0 -l /data/snortlog -L tcpdump.log





Attached is the snort.conf.


Any suggestions? What am I doing wrong?


Thanks,


John Travlos



-------------- next part --------------
A non-text attachment was scrubbed...
Name: snort.conf
Type: application/octet-stream
Size: 24780 bytes
Desc: not available
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20121025/2a43252d/attachment.obj>

