Snort mailing list archives

log files


From: "Luong, Natalie N" <natalie.n.luong () lmco com>
Date: Wed, 17 Mar 2004 17:20:45 -0800

Please bear with me, I'm fairly new to snort.


I have a very large tcpdump file (call it "large.dat").

Is it possible to log packets in that file of ruleA to one log file and log packets of ruleB to
a second log file using only one "read" of that original tcpdump file?

To elaborate....

I know I can execute two different commands:
1) snort -l ./logdir -L logA.log -b -c ruleAfile.conf -r large.dat
2) snort -l ./logdir -L logB.log -b -c ruleBfile.conf -r large.dat

Now, can I create both logA.log and logB.log using only one "snort" command?

Thanks






