[Snort-users] Snort for windows using config file -- Correlated issue when write out to log and try to read log file back in.
dhall at rmscollects.com
Tue Jan 15 11:52:42 EST 2019
To the Snort User Community,
I am using Snort v2.9.12 for Windows, and MySQL for Windows.
A similar issue appears when I try to write out to file, and then
turn around and try to read it right back in.
In the snort.conf file, I set the test file size to 5MB.
I remove the nostamp to get unique files, with timestamp extension,
for later data analysis.
When I try to write out to log file using the configuration file,
it writes out, as planned.
But right afterwards, when I try to read it back in with -rd or -dr
command line arguments, I get the following error:
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Plugins!
Pcap DAQ configured to read-file/
The DAQ version does not support reload.
ERROR: Can't initialize DAQ pcap (-1) - bad dump file format
Could not set the event message file.
Suggestions and recommendations to fix the issue appreciated.