[Snort-users] Snort read file to generate u2 logs.

Paul Li paul at ...17768...
Tue Feb 21 23:05:13 EST 2017


(Sorry, the previous email was broken.)

Al, do you indicate that Snort should generate .u2 files when it reads from
a file?

Thanks,
Paul

On Tue, Feb 21, 2017 at 11:04 PM, Paul Li <paul at ...17768...> wrote:

> Yes, Al, there's a .log file generated in the directory /var/log/snort.
> Also, the same user can generate a .u2 log when snort reads directly from the
> network interface.
>
> So do you indicate that
>
> On Tue, Feb 21, 2017 at 10:57 PM, Al Lewis (allewi) <allewi at ...589...>
> wrote:
>
>> Have you checked if the snort user has permissions to write to the output
>> directory?
>>
>> Are the logs created when you run snort as root?
>>
>> *Albert Lewis*
>>
>> ENGINEER.SOFTWARE ENGINEERING
>>
>> SOURCE*fire*, Inc. now part of *Cisco*
>>
>> Email: allewi at ...589...
>>
>> From: Paul Li <paul at ...17768...>
>> Date: Tuesday, February 21, 2017 at 10:17 PM
>> To: 'snort-users' <snort-users at lists.sourceforge.net>
>> Subject: [Snort-users] Snort read file to generate u2 logs.
>>
>> I'm using Snort to read a file to generate alerts with the following
>> command:
>>
>> sudo snort -q -u snort-user -g snort-group -c /etc/snort/snort.conf -r file-name
>>
>> Snort can generate alerts but doesn't create u2 log files, nor other
>> output (e.g., csv), although the same snort.conf file will generate both
>> alerts and .u2 files. Wondering if there's a way Snort can generate
>> specified format logs when reading a file.
>>
>> Thanks,
>> Paul
>>
>
>