[Snort-users] SNORT not saving pcap file

jtravlos at ...15803... jtravlos at ...15803...
Thu Oct 25 19:18:34 EDT 2012

When I do the command, a file shows up in the folder, but then disappears when I stop SNORT.
It appears when I use snort.conf, it won't save the file.

From: Joel Esler [mailto:jesler at ...1935...]
Sent: Thursday, October 25, 2012 03:18 PM
To: jtravlos at ...15803...
Cc: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] SNORT not saving pcap file

Your command line is overriding your .conf


./snort -i dag0:0 -c /etc/snort/snort.conf

Joel Esler
Senior Research Engineer, VRT
OpenSource Community Manager

On Oct 25, 2012, at 2:54 PM, jtravlos at ...15803... wrote:

I'm running snort on CentOS 6.3 capturing traffic via Endace DAG card. I want to save to a file (pcap format) the traffic that it sees. I know in snort.conf there are some settings, but it does not appear to save the file. Whenever I use the snort.conf, it is not saved.

The settings are:
config logdir: /data/snortlog

# pcap
output log_tcpdump: tcpdump.log

The command I'm using to start snort:

./snort -d -b -i dag0:0 -c /etc/snort/snort.conf

If I use this, I get a file that tcpdump can read, but no detailed packet info.

./snort -d -b -i dag0:0 -l /data/snortlog -L tcpdump.log

Attached is the snort.conf.

Any suggestions? What am I doing wrong?


John Travlos
