[Snort-users] Snort config file issues with

Don Hall dhall at rmscollects.com
Tue Jan 15 11:30:53 EST 2019


Question to the Snort User Community,

I have Snort v2.9.12 on Windows.

I have made modifications to the configuration file
(c:Snort\etc\snort.conf) in the Step #6 area (around lines 520 to 530),
removing the nostamp option so that I can get the timestamp extension
on the snort.log, snort.alert, and tcpdump.log files.
I also changed the size option for the plug-ins, to get manageable files
to analyze.

I removed the nostamp so that I can segment the log file into
manageable chunks and analyze the data while Snort keeps going.

I would use either (-de), with or without the binary (-b) option,
with or without the (-C) ASCII format, without problems.
Prior to using the config file, things are clean and I can use the read option (-rd) or (-dr)
to get the payload info, because I need to do data analysis on the payload.

When I start to use the config file, however, problems start to occur.
I can create the file, then try to read the file back with the read (-rd) or (-dr) option,
and I get the following:

                Running in packet dump mode
                --== Initializing Snort  ==--
Initializing Output Logins!
Error getting stat on pcap file:  d: no such file or directory
ERROR: Error getting pcaps.
Fatal Error. Quitting..
Could not set the even message file.

Thanks, in advance, for looking into the issue.

(that is with either -dr or -rd command line arguments.)

Thanks for any recommendations.


Don Hall
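The quoted error names a pcap file called "d", which is exactly what a getopt-style parser produces from "-rd": Snort's -r takes a file name as its argument, so the rest of that word ("d") is consumed as the file name. The loop below is an added illustration, not code from the original post or from Snort itself; it uses a POSIX getopts spec with the same convention (-d is a bare flag, -r takes a file) and a constructed log file name to show how the two spellings are parsed.

```shell
# Added example: mimic Snort's "-d" (flag) and "-r <file>" (takes an argument)
# with POSIX getopts to show how "-dr FILE" and "-rd FILE" are interpreted.
parse_snort_args() {
    # Reset getopts state so the function can be called more than once.
    OPTIND=1
    dump_app_layer=no
    pcap_file=""
    while getopts "dr:" opt; do
        case "$opt" in
            d) dump_app_layer=yes ;;
            r) pcap_file="$OPTARG" ;;
            *) return 2 ;;
        esac
    done
    shift $((OPTIND - 1))
    # One line summarising the interpretation: flag, pcap name, leftover words.
    printf 'dump=%s pcap=%s remaining=%s\n' "$dump_app_layer" "$pcap_file" "$*"
}

# "snort.log.1547567453" is a constructed name in the timestamp-extension style.
# -dr: -d is a flag, then -r consumes the NEXT word as the pcap file name.
parse_snort_args -dr snort.log.1547567453
# -rd: -r consumes the rest of the same word, "d", as the pcap file name,
# and the real log name is left over as a positional argument.
parse_snort_args -rd snort.log.1547567453
```

The second call reproduces the file name "d" seen in the quoted "Error getting stat on pcap file" message; checking that the intended log name is really the argument to -r is the first thing to verify before looking at the config file.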




