Snort mailing list archives
Re: SNORT not saving pcap file
From: jtravlos () rsignia com
Date: Thu, 25 Oct 2012 23:18:34 +0000
When I do the command, a file shows up in the folder, but then disappears when I stop SNORT. It appears when I use snort.conf, it won't save the file. From: Joel Esler [mailto:jesler () sourcefire com] Sent: Thursday, October 25, 2012 03:18 PM To: jtravlos () rsignia com Cc: snort-users () lists sourceforge net Subject: Re: [Snort-users] SNORT not saving pcap file Your command line is overriding your .conf Try ./snort -i dag0:0 -c /etc/snort.snort.conf -- Joel Esler Senior Research Engineer, VRT OpenSource Community Manager Sourcefire On Oct 25, 2012, at 2:54 PM, jtravlos () rsignia com wrote: I'm running snort 2.9.3.1 on CentOS 6.3 capturing traffic via Endace DAG card. I want to save to a file (pcap format) the traffic that it sees. I know in snort.conf there are some settings, but it does not appears to save the file. When ever I use the snort.conf, it is not saved. The settings are: config logdir: /data/snortlog # pcap output log_tcpdump: tcpdump.log The command I'm using to start snort: ./snort -d -b -i dag0:0 -c /etc/snort/snort.conf If I use this, I get a file that tcpdump can read, but no detail packet info. ./snort -d -b -i dag0:0 -l /data/snortlog -L tcpdump.log Attached is the snort.conf. Any suggestions? What am I doing wrong? Thanks, John Travlos <snort.conf>------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ Everyone hates slow websites. So do we. Make your web apps faster with AppDynamics Download AppDynamics Lite for free today: http://p.sf.net/sfu/appdyn_sfd2d_oct
_______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- SNORT not saving pcap file jtravlos (Oct 25)
- Re: SNORT not saving pcap file Joel Esler (Oct 25)
- <Possible follow-ups>
- Re: SNORT not saving pcap file jtravlos (Oct 25)
- Re: SNORT not saving pcap file waldo kitty (Oct 25)
- Re: SNORT not saving pcap file John Travlos, Jr. (Oct 26)
- Re: SNORT not saving pcap file waldo kitty (Oct 25)