[Snort-users] Snort read file to generate u2 logs.

Paul Li paul at ...17768...
Tue Feb 21 23:02:42 EST 2017

Yes, Al, there's .log file generated in the directory /var/log/snort. also,
the same user can generate .u2 log when snort reads directly from the
network interface.

So do you indicate that Snort should generate .u2 logs when it reads a file?


On Tue, Feb 21, 2017 at 10:57 PM, Al Lewis (allewi) <allewi at ...589...>

> Have you checked if the snort user has permissions to write to the output
> directory?
> Are the logs created when you run snort as root?
> *Albert Lewis*
> SOURCE*fire*, Inc. now part of *Cisco*
> Email: allewi at ...589...
> From: Paul Li <paul at ...17768...>
> Date: Tuesday, February 21, 2017 at 10:17 PM
> To: 'snort-users' <snort-users at lists.sourceforge.net>
> Subject: [Snort-users] Snort read file to generate u2 logs.
> I'm using Snort read a file to generate alerts with the following command:
> sudo snort -q -u snort-user -g snort-group -c /etc/snort/snort.conf -r
> file-name
> Snort can generate alerts but doesn't create u2 log files, neither other
> output (e.g., csv) , although the same snort.conf file will generate both
> alerts and .u2 files.) Wondering if there's a way Snort can generate
> specified format logs when reading a file.
> Thanks,
> Paul
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.snort.org/pipermail/snort-users/attachments/20170221/ec77f327/attachment.html>

More information about the Snort-users mailing list