[Snort-users] logto 3.0

kahleong_fong kahleong_fong at yahoo.com.sg
Tue Oct 17 03:21:21 EDT 2017


Hi all,
It has been a while since 2004, when I last touched Snort! I remember that the logto option to capture pkts used to work. In the 3.0 release, I just cannot seem to get it to capture the pkts to the file.
alert icmp any any -> any any (logto:/var/snort/log/logto_log; sid:400000001; rev:1;)

I am able to see the alerts; however, there are no pkts in the logto_log file.

Please advise.
Regards
