RE: Snort1.9 TCPdump output file format

["Grime, Richard S" <richard.grime () ic ac uk>]

Erek,

Thanks for the advice - but using -L still seems to give the epoch format.
I see your point and eventually want to move onto this format, but any other
ideas on getting back the <month><day> format in the mean time?

It must be looking at the -L, because now I get:

WARNING: command line overrides rules file logging plugin!

Thanks,

Richard



> > Just brought a snort 1.9 box up - the TCPDump file format is now 
> > coming out
> > as:
> >
> > snort.log.xxxxxxxxxx
> >
> > Instead of the (expected) format of:
> >
> > <month><day>@<hour>-snort.log
> >
> > Is there a way to change this back?
> >
> > RH7.1 x86 / Snort 1.9.0 (209)

> Yes, but you might not want to do that.
>
> With the filesnames in the old format, you could overwrite logfiles within
the same hour.  With it using the Unix epoch date tagged on the back, you
can't.
> If you want to change it look at the "-L" option.  From the man page:
>
>     -L binary-log-file
>          Set the filename of the binary log file to  binary-log-
>          file. If this switch is not used, the default name is a
>          timestamp for the time that the file  is  created  plus
>          "snort.log".
>
> It's not listed in the -?, but it is there.




-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users