[Snort-users] general questions

waldo kitty wkitty42 at ...14940...
Fri Mar 29 15:30:15 EDT 2013


On 3/29/2013 11:59, Mohammad MontazerI wrote:
>
> Which log files would you like read?
> i thought there is just one log file!

in a default snort, there are the alert file and each execution of snort starts 
a new pcap file...

> however, i used this command:
> ./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf
>
> and it created two files:
> alert and a log file.
> i'm trying to read this log file.

i suspect you are trying to read the pcap file... they have names like 
snort.log.1279369061... the numbers are the unix date/time stamp of when the log 
was started IIRC... other than that, they are regular pcaps that snort has 
created of the data packet(s) that caused the alert at that particular point in 
time... you should have a corresponding entry for the same time and date in your 
alert file... how do you actually see what these files contain? you use a tool 
like wireshark or similar...
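As an added illustration (not part of this thread, and not Snort's own tooling): a small Python script that recovers the start time from a snort.log.<timestamp> filename and walks the classic libpcap records inside such a file, so each packet's time can be lined up with the matching entry in the alert file without opening Wireshark. The two-packet capture it reads is constructed inline; the file name and timestamps are the ones quoted above, used purely as sample values.

```python
import re
import struct
from datetime import datetime, timezone

# Snort names each capture snort.log.<unix time when the capture started>.
NAME_RE = re.compile(r"snort\.log\.(\d{9,10})$")

def capture_start(filename):
    """Start time of a snort.log.<timestamp> file as a UTC datetime, or None."""
    m = NAME_RE.search(filename)
    if not m:
        return None
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)

def packet_times(pcap_bytes):
    """Walk a classic libpcap file and return each packet's timestamp in Unix
    seconds, so records can be lined up with entries in the alert file."""
    magic = pcap_bytes[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"          # little-endian writer (the usual case)
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a libpcap capture")
    times = []
    offset = 24               # skip the 24-byte global header
    while offset + 16 <= len(pcap_bytes):
        ts_sec, ts_usec, incl_len, _orig_len = struct.unpack(
            endian + "IIII", pcap_bytes[offset:offset + 16])
        offset += 16 + incl_len
        if offset > len(pcap_bytes):
            raise ValueError("truncated packet record")
        times.append(ts_sec + ts_usec / 1e6)
    return times

def build_sample_pcap():
    """Constructed two-packet capture standing in for a real snort.log file."""
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    pkt1 = b"\x00" * 14
    pkt2 = b"\xff" * 20
    rec1 = struct.pack("<IIII", 1279369061, 0, len(pkt1), len(pkt1)) + pkt1
    rec2 = struct.pack("<IIII", 1279369062, 500000, len(pkt2), len(pkt2)) + pkt2
    return header + rec1 + rec2

if __name__ == "__main__":
    name = "snort.log.1279369061"
    print(name, "started", capture_start(name).isoformat())
    for t in packet_times(build_sample_pcap()):
        print("  packet at", datetime.fromtimestamp(t, tz=timezone.utc).isoformat())
```

Point it at a real snort.log.* file by reading its bytes into packet_times(); the times it returns should correspond to the alert file entries written at the same moment.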
