[Snort-users] Snort read file to generate u2 logs.
paul at ...17768...
Tue Feb 21 23:05:13 EST 2017
（Sorry the previous email was broke. ）
Al, do you indicate that Snort should generate .u2 files when it reads from
On Tue, Feb 21, 2017 at 11:04 PM, Paul Li <paul at ...17768...> wrote:
> Yes, Al, there's .log file generated in the directory /var/log/snort.
> also, the same user can generate .u2 log when snort reads directly from the
> network interface.
> So do you indicate that
> On Tue, Feb 21, 2017 at 10:57 PM, Al Lewis (allewi) <allewi at ...589...>
>> Have you checked if the snort user has permissions to write to the output
>> Are the logs created when you run snort as root?
>> *Albert Lewis*
>> ENGINEER.SOFTWARE ENGINEERING
>> SOURCE*fire*, Inc. now part of *Cisco*
>> Email: allewi at ...589...
>> From: Paul Li <paul at ...17768...>
>> Date: Tuesday, February 21, 2017 at 10:17 PM
>> To: 'snort-users' <snort-users at lists.sourceforge.net>
>> Subject: [Snort-users] Snort read file to generate u2 logs.
>> I'm using Snort read a file to generate alerts with the following
>> sudo snort -q -u snort-user -g snort-group -c /etc/snort/snort.conf -r
>> Snort can generate alerts but doesn't create u2 log files, neither other
>> output (e.g., csv) , although the same snort.conf file will generate both
>> alerts and .u2 files.) Wondering if there's a way Snort can generate
>> specified format logs when reading a file.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Snort-users