[Snort-users] Snort config file issues with
dhall at rmscollects.com
Tue Jan 15 11:30:53 EST 2019
Question to the Snort User Community,
I have Snort v2.9.12 in Windows.
I have made modifications to the configuration file (c:Snort\etc\snort.conf) in the Step #6 area (in the lines 520 to 530 area), removing the nostamp, so that I can get the timestamp extension to the snort.log, snort.alert, and tcpdump.log files.
I also change the size option for the plug-ins, for manageable files.
I remove the nostamp so that I can segment the log file into manageable chunks and analyze data while Snort keeps going.
I would use either the (-de), with or without the binary (-b), with or without the (-C) ASCII format, without problems.
Prior to using the config file, things are clean and I can use the read (-rd) or (-dr) to get the payload info, because I need to do data analysis on the payload.
When I start to use the config file, however, then problems start to occur.
I can create the file, then try to read the file back with the read (-rd) or (-dr) option, and I get the following:
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Logins!
Error getting stat on pcap file: d: no such file or directory
ERROR: Error getting pcaps.
Fatal Error. Quitting..
Could not set the even message file.
Thanks, in advance, for looking into the issue.
(that is with either -dr or -rd command line arguments.)
Thanks for any recommendations.
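A quick way to see how a getopt-style command line splits a clustered flag group such as -rd or -dr. This is an added example, not code from the post or from Snort; it assumes, as in Snort 2.x, that -r takes a pcap filename argument while -d, -e, -b and -C are plain switches, and the function name parse_snort_args is invented here.

```shell
#!/bin/sh
# Added example: mimic a getopt-style parser for a few Snort 2.x flags.
# Assumption: -r consumes the next token as the pcap filename, so the
# cluster "-rd" hands the letter "d" to -r as a filename, whereas "-dr"
# sets -d and then takes the following token as the file.
parse_snort_args() {
    OPTIND=1                       # reset so the function is reusable
    pcap="" dump=0 link=0 binary=0 ascii=0
    while getopts "r:debC" opt "$@" 2>/dev/null; do
        case "$opt" in
            r) pcap="$OPTARG" ;;   # -r <pcap file>
            d) dump=1 ;;           # -d  dump application-layer data
            e) link=1 ;;           # -e  show link-layer headers
            b) binary=1 ;;         # -b  binary (tcpdump) logging
            C) ascii=1 ;;          # -C  ASCII payload dump
            *) printf 'parse-error\n'; return 1 ;;
        esac
    done
    printf 'pcap=%s dump=%s link=%s binary=%s ascii=%s\n' \
        "$pcap" "$dump" "$link" "$binary" "$ascii"
}

# Constructed inputs showing the difference between the two orderings.
parse_snort_args -rd capture.log   # pcap=d  (capture.log is left over)
parse_snort_args -dr capture.log   # pcap=capture.log, dump=1
```

Run with a file name after the flags: the -rd form reports the pcap as the single letter d, which is the same value that appears in an error message of the form "Error getting stat on pcap file: d".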