[Snort-users] SNORT not saving pcap file

Joel Esler jesler at ...1935...
Thu Oct 25 15:18:23 EDT 2012


Your command line is overriding your .conf

Try

./snort -i dag0:0 -c /etc/snort/snort.conf

--
Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager
Sourcefire

On Oct 25, 2012, at 2:54 PM, jtravlos at ...15803... wrote:

> I'm running snort 2.9.3.1 on CentOS 6.3 capturing traffic via Endace DAG card. I want to save to a file (pcap format) the traffic that it sees. I know in snort.conf there are some settings, but it does not appear to save the file. Whenever I use the snort.conf, it is not saved.
> 
> The settings are:
> config logdir: /data/snortlog
> 
> # pcap
> output log_tcpdump: tcpdump.log
> 
> The command I'm using to start snort:
> 
> 	./snort -d -b -i dag0:0 -c /etc/snort/snort.conf
> 
> If I use this, I get a file that tcpdump can read, but no detailed packet info.
> 
> 	./snort -d -b -i dag0:0 -l /data/snortlog -L tcpdump.log
> 
> 
> Attached is the snort.conf.
> 
> Any suggestions? What am I doing wrong?
> 
> Thanks,
> 
> John Travlos 

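Added example, not part of the original thread and not Snort's own code: a small pre-flight check that reports which `output` directives in snort.conf a given command line would shadow. It assumes the rule from the Snort 2.x manual that command-line logging options override output options in the configuration file; the set of flags treated as logging options, the function names, and the sample conf (built from the two settings quoted in the post) are assumptions of this example.

```python
import shlex

# Assumption: Snort 2.x flags treated as command-line logging/alert options.
# Value is True when the flag consumes the next argument.
LOGGING_FLAGS = {"-b": False, "-L": True, "-A": True, "-K": True, "-s": False}
# Other flags seen in the thread that consume the next argument.
ARG_FLAGS = {"-i", "-c", "-l"}

# Constructed sample: only the settings quoted in the post.
SAMPLE_CONF = """\
config logdir: /data/snortlog

# pcap
output log_tcpdump: tcpdump.log
"""

def conf_outputs(conf_text):
    """Return the active (uncommented) 'output' directives in snort.conf text."""
    outputs = []
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()  # drop comments
        if line.startswith("output "):
            outputs.append(line)
    return outputs

def check(cmdline, conf_text):
    """Return (logging flags on the command line, conf outputs they shadow)."""
    argv = shlex.split(cmdline)[1:]  # skip the snort binary itself
    used, i = [], 0
    while i < len(argv):
        flag = argv[i]
        if flag in LOGGING_FLAGS:
            used.append(flag)
            i += 2 if LOGGING_FLAGS[flag] else 1
        elif flag in ARG_FLAGS:
            i += 2  # skip the flag's value
        else:
            i += 1
    ignored = conf_outputs(conf_text) if used else []
    return used, ignored

if __name__ == "__main__":
    for cmd in ("./snort -d -b -i dag0:0 -c /etc/snort/snort.conf",
                "./snort -i dag0:0 -c /etc/snort/snort.conf"):
        used, ignored = check(cmd, SAMPLE_CONF)
        print(cmd)
        print("  logging flags:", used or "none")
        print("  conf outputs shadowed:", ignored or "none")
```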