Snort mailing list archives
Re: SNORT not saving pcap file
From: "John Travlos, Jr." <jtravlos () rsignia com>
Date: Fri, 26 Oct 2012 08:56:49 -0400
Waldo,

In the /etc/snort/snort.conf file, the file name is tcpdump.log as specified in the pcap section. See attached snort.conf file.

The issue is when specifying snort.conf, the pcap file is not saved.

On 10/25/12 8:45 PM, waldo kitty wrote:
> On 10/25/2012 19:18, jtravlos () rsignia com wrote:
>> When I do the command, a file shows up in the folder, but then disappears when I stop SNORT.
>
> "a file"?? what file? what is the name?
>
>> It appears when I use snort.conf, it won't save the file.
>
> this sounds like possibly some kind of clean up from your script that executes snort... more info is needed :/
>
>> *From:* Joel Esler [mailto:jesler () sourcefire com]
>> *Sent:* Thursday, October 25, 2012 03:18 PM
>> *To:* jtravlos () rsignia com
>> *Cc:* snort-users () lists sourceforge net
>> *Subject:* Re: [Snort-users] SNORT not saving pcap file
>>
>> Your command line is overriding your .conf
>>
>> Try
>>
>>     ./snort -i dag0:0 -c /etc/snort/snort.conf
>>
>> --
>> *Joel Esler*
>> Senior Research Engineer, VRT
>> OpenSource Community Manager
>> Sourcefire
>>
>> On Oct 25, 2012, at 2:54 PM, jtravlos () rsignia com <mailto:jtravlos () rsignia com> wrote:
>>> I'm running snort 2.9.3.1 on CentOS 6.3 capturing traffic via Endace DAG card. I want to save to a file (pcap format) the traffic that it sees. I know in snort.conf there are some settings, but it does not appear to save the file. Whenever I use the snort.conf, it is not saved.
>>>
>>> The settings are:
>>>
>>>     config logdir: /data/snortlog
>>>     # pcap
>>>     output log_tcpdump: tcpdump.log
>>>
>>> The command I'm using to start snort:
>>>
>>>     ./snort -d -b -i dag0:0 -c /etc/snort/snort.conf
>>>
>>> If I use this, I get a file that tcpdump can read, but no detail packet info.
>>>
>>>     ./snort -d -b -i dag0:0 -l /data/snortlog -L tcpdump.log
>>>
>>> Attached is the snort.conf.
>>>
>>> Any suggestions? What am I doing wrong?
>>>
>>> Thanks,
>>> John Travlos

--
Regards,
John Travlos, Jr.
Rsignia, Inc.
Attachment: snort.conf
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
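
Joel Esler's point in the quoted thread, that the command line overrides snort.conf, can be checked before starting the sensor. The script below is an added example, not code from the thread or from the Snort project; the function name `snort_log_overrides`, the message wording and the temporary sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: report snort.conf logging settings that a Snort command
# line shadows. Assumption: only the switches seen in this thread are
# checked (-b and -L for packet logging, -l for the log directory), and
# only when given as separate arguments.

# usage: snort_log_overrides CONF_FILE snort-arg...
snort_log_overrides() {
    conf=$1; shift
    has_log=0; has_dir=0
    for arg in "$@"; do
        case $arg in
            -b|-L) has_log=1 ;;
            -l)    has_dir=1 ;;
        esac
    done
    # Match active directives only; commented-out lines start with '#'.
    if [ "$has_log" -eq 1 ]; then
        grep -E '^[[:space:]]*output[[:space:]]+log_' "$conf" |
            sed 's/^[[:space:]]*/ignored because of -b or -L: /'
    fi
    if [ "$has_dir" -eq 1 ]; then
        grep -E '^[[:space:]]*config[[:space:]]+logdir:' "$conf" |
            sed 's/^[[:space:]]*/replaced by -l: /'
    fi
    return 0
}

# Constructed sample input holding the settings quoted in the thread.
sample_conf=$(mktemp)
trap 'rm -f "$sample_conf"' EXIT
cat > "$sample_conf" <<'EOF'
config logdir: /data/snortlog
# pcap
output log_tcpdump: tcpdump.log
EOF

echo "Original command:"
snort_log_overrides "$sample_conf" -d -b -i dag0:0 -c /etc/snort/snort.conf
echo "Suggested command:"
snort_log_overrides "$sample_conf" -i dag0:0 -c /etc/snort/snort.conf
```

The original command is reported because `-b` shadows the `output log_tcpdump` line; the suggested command produces no report, so the snort.conf settings stay in effect.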
Current thread:
- SNORT not saving pcap file jtravlos (Oct 25)
- Re: SNORT not saving pcap file Joel Esler (Oct 25)
- <Possible follow-ups>
- Re: SNORT not saving pcap file jtravlos (Oct 25)
- Re: SNORT not saving pcap file waldo kitty (Oct 25)
- Re: SNORT not saving pcap file John Travlos, Jr. (Oct 26)
- Re: SNORT not saving pcap file waldo kitty (Oct 25)