Snort mailing list archives
RE: logging traffic
From: "Faiz Ahmad Shuja" <faizshuja () yahoo it>
Date: Thu, 14 Aug 2003 03:27:23 +0500
Yes, I think you can. Anyone please correct if I am wrong. You can limit file size by using unified output plugin. /--- # unified: Snort unified binary format alerting and logging # ------------------------------------------------------------- # The unified output plugin provides two new formats for logging # and generating alerts from Snort, the "unified" format. The # unified format is a straight binary format for logging data # out of Snort that is designed to be fast and efficient. Used # with barnyard (the new alert/log processor), most of the overhead # for logging and alerting to various slow storage mechanisms # such as databases or the network can now be avoided. # # Check out the spo_unified.h file for the data formats. # # Two arguments are supported. # filename - base filename to write to (current time_t is appended) # limit - maximum size of spool file in MB (default: 128) # # output alert_unified: filename snort.alert, limit 128 # output log_unified: filename snort.log, limit 128 ---/ Regards, Faiz -----Original Message----- From: snort-users-admin () lists sourceforge net [mailto:snort-users-admin () lists sourceforge net] On Behalf Of zidan () popmail com Sent: Wednesday, August 13, 2003 1:26 PM To: snort-users () lists sourceforge net Subject: [Snort-users] logging traffic Hi, I wish to log traffic using snort, Im using snort -debD. I would like to limit the file sizes, so I can transfer them over network. f.e. configure the snort to rollover files, each one 50MB. can it be done ? Thank you, -Z .................................... Get your own free email account from http://www.popmail.com ------------------------------------------------------- This SF.Net email sponsored by: Free pre-built ASP.NET sites including Data Reports, E-commerce, Portals, and Forums are available now. Download today and enter to win an XBOX or Visual Studio .NET. http://aspnet.click-url.com/go/psa00100003ave/direct;at.aspnet_072303_01 /01 _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users archive: http://www.geocrawler.com/redir-sf.php3?list=snort-users
Attachment:
smime.p7s
Description:
Current thread:
- logging traffic zidan (Aug 13)
- Re: logging traffic Erek Adams (Aug 13)
- RE: logging traffic Faiz Ahmad Shuja (Aug 13)
- RE: logging traffic Erek Adams (Aug 13)
- Re: logging traffic Joerg Mertin (Aug 14)
- Commercial sniffer samwun (Aug 14)
- Re: Commercial sniffer Ravi (Aug 14)
- RE: logging traffic Erek Adams (Aug 13)
- <Possible follow-ups>
- RE: logging traffic Kevin Binsfield (Aug 14)