[Snort-users] general questions
wkitty42 at ...14940...
Fri Mar 29 15:30:15 EDT 2013
On 3/29/2013 11:59, Mohammad MontazerI wrote:
> Which log files would you like read?
> i thought there is just one log file!
in a default snort, there are the alert file and each execution of snort starts
a new pcap file...
> however, i used this command:
> ./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf
> and it created two files:
> alert and a log file.
> i'm trying to read this log file.
i suspect you are trying to read the pcap file... they have names like
snort.log.1279369061... the numbers are the unix date/time stamp of when the log
was started IIRC... other than that, they are regular pcaps that snort has
created of the data packet(s) that caused the alert at that particular point in
time... you should have a corresponding entry for the same time and date in your
alert file... how do you actually see what these files contain? you use a tool
like wireshark or similar...
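The reply above says the snort.log.<unixtime> files are ordinary pcaps whose name suffix is the unix time the log was started, and that you need wireshark or similar to see what is inside. As an added example (not part of the list thread, and not Snort's own code), here is a stdlib-only Python script that does the same inspection from the command line: it converts the filename suffix to a date you can match against the alert file, checks the libpcap magic, and walks the packet records so a truncated or corrupt file is reported rather than silently miscounted. The sample log it writes is constructed for the demo; the filename pattern and the libpcap header layout are standard, but the directory layout is an assumption.

```python
"""Added example: inspect snort.log.<unixtime> pcaps without Wireshark.

Assumes Snort's default naming (snort.log.<unix timestamp>) in a log
directory such as the ./log used in the thread. The sample file written by
build_sample_log() is constructed for the demo, not captured traffic.
"""
import os
import re
import struct
import tempfile
from datetime import datetime, timezone

# libpcap magic bytes as they appear on disk -> struct endianness prefix
MAGICS = {
    b"\xd4\xc3\xb2\xa1": "<",  # little-endian, microsecond timestamps
    b"\xa1\xb2\xc3\xd4": ">",  # big-endian, microsecond timestamps
    b"\x4d\x3c\xb2\xa1": "<",  # little-endian, nanosecond timestamps
    b"\xa1\xb2\x3c\x4d": ">",  # big-endian, nanosecond timestamps
}

LOG_NAME = re.compile(r"^snort\.log\.(\d{9,10})$")


def log_start_time(filename):
    """Return the UTC datetime encoded in a snort.log.<unixtime> name, or None."""
    m = LOG_NAME.match(os.path.basename(filename))
    if not m:
        return None
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)


def read_pcap(path):
    """Parse a libpcap file: return (linktype, [(ts_sec, ts_frac, frame_bytes), ...])."""
    with open(path, "rb") as fh:
        data = fh.read()
    if len(data) < 24:
        raise ValueError("file shorter than a pcap global header")
    endian = MAGICS.get(data[:4])
    if endian is None:
        raise ValueError("not a libpcap file (bad magic %r)" % data[:4])
    # global header: magic, major, minor, thiszone, sigfigs, snaplen, linktype
    _, _major, _minor, _tz, _sig, snaplen, linktype = struct.unpack(
        endian + "IHHiIII", data[:24])
    packets = []
    off = 24
    while off + 16 <= len(data):
        ts_sec, ts_frac, incl_len, _orig_len = struct.unpack(
            endian + "IIII", data[off:off + 16])
        off += 16
        # a record longer than snaplen or running past EOF means a damaged file
        if incl_len > snaplen or off + incl_len > len(data):
            raise ValueError("truncated or corrupt packet record at offset %d" % (off - 16))
        packets.append((ts_sec, ts_frac, data[off:off + incl_len]))
        off += incl_len
    return linktype, packets


def summarize_log_dir(logdir):
    """Map each snort.log.* file in logdir to (start_time, packet_count)."""
    summary = {}
    for name in sorted(os.listdir(logdir)):
        started = log_start_time(name)
        if started is None:          # skip 'alert' and anything else
            continue
        _linktype, pkts = read_pcap(os.path.join(logdir, name))
        summary[name] = (started, len(pkts))
    return summary


def build_sample_log(logdir, unixtime=1279369061):
    """Write a constructed snort.log.<unixtime> holding two placeholder Ethernet frames."""
    # 34-byte stand-in frame: zeroed MACs, EtherType 0x0800, minimal IPv4 header start
    frame = bytes(12) + b"\x08\x00" + b"\x45" + bytes(19)
    buf = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # linktype 1 = Ethernet
    for i in range(2):
        buf += struct.pack("<IIII", unixtime + i, 0, len(frame), len(frame)) + frame
    path = os.path.join(logdir, "snort.log.%d" % unixtime)
    with open(path, "wb") as fh:
        fh.write(buf)
    return path


def demo():
    """Build a sample log dir and summarize it; returns the summary dict."""
    logdir = tempfile.mkdtemp(prefix="snortlog-")
    build_sample_log(logdir)
    return summarize_log_dir(logdir)


if __name__ == "__main__":
    for name, (started, count) in demo().items():
        print("%s  started %s  packets=%d" % (name, started.isoformat(), count))
```

Run it against a real directory by calling summarize_log_dir("./log"); each start time printed is the one to look up in the alert file, and a ValueError on a particular file tells you that log was cut off (for example by Snort being killed mid-write) before you spend time opening it in Wireshark.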