[Snort-users] Snort for windows using config file -- Correlated issue when write out to log and try to read log file back in.

Don Hall dhall at rmscollects.com
Tue Jan 15 11:52:42 EST 2019

To the Snort User Community,

I am using Snort v2.9.12 for Windows, and MySQL for Windows.
A similar issue appears when I try to write out to file, and then
turn around and try to read it right back in.

In the snort.conf file, I set the test file size to 5MB.
I remove the nostamp to get unique files, with timestamp extension,
for later data analysis.

When I try to write out to log file using the configuration file,
it writes out, as planned.
But right afterwards, when I try to read it back in with -rd or -dr
command line arguments, I get the following error:

Running in packet dump mode
                --== Initializing Snort ==--
Initializing Output Plugins!
Pcap DAQ configured to read-file/
The DAQ version does not support reload.
ERROR: Can't initialize DAQ pcap (-1) - bad dump file format
FatalError.  Quitting..
Could not set the event message file.

Suggestions and recommendations to fix the issue appreciated.

Don Hall
