[Snort-users] Fwd: data_log output

Sunil Koul koulsunil1 at ...11827...
Sun Jun 19 05:16:23 EDT 2016

Hello people

I would like to know the correct usage for the data_log inspector. When I use
snort -c $my_path/etc/snort/snort.lua \
        --plugin-path $my_path/lib/snort_extra \
        -A alert_ex -r /path/to/my.pcap
as mentioned in doc/usage.txt after including data_log = { key =
'http_raw_uri' } in snort.lua, a data.log gets created in the home
directory but with no output (blank).

How do I explicitly load only the data_log inspector to extract and print
data onto the data.log file?
