[Snort-users] SNORT not saving pcap file
wkitty42 at ...14940...
Thu Oct 25 20:45:39 EDT 2012
On 10/25/2012 19:18, jtravlos at ...15803... wrote:
> When I do the command, a file shows up in the folder, but then disappears when I
> stop SNORT.

"a file"?? what file? what is the name?

> It appears when I use snort.conf, it won't save the file.

this sounds like possibly some kind of clean up from your script that executes
snort... more info is needed :/

> *From:* Joel Esler [mailto:jesler at ...1935...]
> *Sent:* Thursday, October 25, 2012 03:18 PM
> *To:* jtravlos at ...15803...
> *Cc:* snort-users at lists.sourceforge.net
> *Subject:* Re: [Snort-users] SNORT not saving pcap file
> Your command line is overriding your .conf
> ./snort -i dag0:0 -c /etc/snort.snort.conf
> *Joel Esler*
> Senior Research Engineer, VRT
> OpenSource Community Manager
> On Oct 25, 2012, at 2:54 PM, jtravlos at ...15803...
> <mailto:jtravlos at ...15803...> wrote:
>> I'm running snort 18.104.22.168 on CentOS 6.3 capturing traffic via Endace DAG
>> card. I want to save to a file (pcap format) the traffic that it sees. I
>> know in snort.conf there are some settings, but it does not appear to
>> save the file. Whenever I use the snort.conf, it is not saved.
>> The settings are:
>> config logdir: /data/snortlog
>> # pcap
>> output log_tcpdump: tcpdump.log
>> The command I'm using to start snort:
>> ./snort -d -b -i dag0:0 -c /etc/snort/snort.conf
>> If I use this, I get a file that tcpdump can read, but no detail packet info.
>> ./snort -d -b -i dag0:0 -l /data/snortlog -L tcpdump.log
>> Attached is the snort.conf.
>> Any suggestions? What am I doing wrong?
>> John Travlos
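
Added example, not part of the original thread and not Snort's own code: a small Python check of the point made in the quoted reply, that the command line can override snort.conf. It assumes Snort 2.x behaviour (`-b` on the command line replaces `output log_*` directives, default log directory `/var/log/snort`, default file name `snort.log`); the function names are hypothetical and other logging switches are not modelled.

```python
import shlex

# Constructed sample mirroring the settings quoted in the thread.
SAMPLE_CONF = """\
config logdir: /data/snortlog
# pcap
output log_tcpdump: tcpdump.log
"""

# Assumption (Snort 2.x): short switches that are followed by a value.
# Only the ones relevant to this thread are listed.
TAKES_ARG = {"i", "c", "l", "L", "K", "A"}

def parse_conf(text):
    """Return (logdir, {plugin: args}) from snort.conf text."""
    logdir, outputs = None, {}
    for line in map(str.strip, text.splitlines()):
        if line.startswith("config logdir:"):
            logdir = line.split(":", 1)[1].strip()
        elif line.startswith("output "):
            name, _, args = line[len("output "):].partition(":")
            outputs[name.strip()] = args.strip()
    return logdir, outputs

def parse_switches(cmdline):
    """getopt-style scan of short options, e.g. '-d -b' or '-db'."""
    tokens, opts = shlex.split(cmdline)[1:], {}
    while tokens:
        tok = tokens.pop(0)
        if tok.startswith("-") and not tok.startswith("--"):
            for i, ch in enumerate(tok[1:], start=1):
                if ch in TAKES_ARG:  # value is the rest of the token or the next one
                    opts[ch] = tok[i + 1:] or (tokens.pop(0) if tokens else "")
                    break
                opts[ch] = True
    return opts

def effective_pcap_log(conf_text, cmdline):
    """Report which setting decides where the pcap log is written."""
    opts = parse_switches(cmdline)
    logdir, outputs = parse_conf(conf_text) if "c" in opts else (None, {})
    log_outputs = sorted(n for n in outputs if n.startswith("log_"))
    if "b" in opts:  # assumption: -b overrides log outputs from the conf
        decided_by, prefix, ignored = "command line", opts.get("L") or "snort.log", log_outputs
    else:
        decided_by, prefix, ignored = "snort.conf", outputs.get("log_tcpdump"), []
    return {"decided_by": decided_by, "file_prefix": prefix,  # Snort appends a UNIX timestamp
            "dir": opts.get("l") or logdir or "/var/log/snort",
            "ignored_conf_outputs": ignored}
```

Calling `effective_pcap_log(SAMPLE_CONF, "./snort -d -b -i dag0:0 -c /etc/snort/snort.conf")` reports the `log_tcpdump` directive as ignored, while the same call without `-d -b` reports snort.conf as the deciding source.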