Snort mailing list archives
Re: unified2 alert files with trailing period and no appended timestamp?
From: Mike Cox <mike.cox52 () gmail com>
Date: Fri, 17 Jan 2014 15:49:54 -0500
Unfortunately I cannot (NDA with client). Other than what I've already provided, I can say that the .unified2.alert.0 file appears to be the correct unified2 file (and in the correct directory), it's just that the filename seems to be wack. I've tried adding flags to the output line like these but I still get the same results:

    output unified2: filename unified2.alert, nostamp
    output unified2: filename unified2.alert, mpls_event_types

Thanks.

-Mike Cox

On Fri, Jan 17, 2014 at 1:20 PM, Bhagya Bantwal <bbantwal () sourcefire com> wrote:
> Hello Mike,
>
> Can you send me your snort.conf, pcap and command line?
>
> Thanks!
> B
>
> On Fri, Jan 17, 2014 at 9:04 AM, Mike Cox <mike.cox52 () gmail com> wrote:
>> I'm investigating a client's setup and they are running Snort 2.9.3.1. The snort conf file has the following line:
>>
>>     output unified2: filename unified2.alert
>>
>> Snort is being run with an explicit '-l' switch to set the log directory. When I run a pcap thru the engine that generates an alert, the unified2 alert filename in the log directory looks like this (note the leading period and lack of appended timestamp):
>>
>>     .unified2.alert.0
>>
>> Is this a known bug with this version of Snort? Any other reason why this would be happening?
>>
>> Thanks.
>>
>> -Mike Cox
>>
>> ------------------------------------------------------------------------------
>> CenturyLink Cloud: The Leader in Enterprise Cloud Services. Learn Why More Businesses Are Choosing CenturyLink Cloud For Critical Workloads, Development Environments & Everything In Between. Get a Quote or Start a Free Trial Today. http://pubads.g.doubleclick.net/gampad/clk?id=119420431&iu=/4140/ostg.clktrk
>> _______________________________________________
>> Snort-devel mailing list
>> Snort-devel () lists sourceforge net
>> https://lists.sourceforge.net/lists/listinfo/snort-devel
>> Archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-devel
>> Please visit http://blog.snort.org for the latest news about Snort!
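The thread above turns on two questions a practitioner would want to settle before blaming Snort: does the file in the log directory follow the naming convention the `output unified2:` line implies (`<filename>.<epoch seconds>`, or exactly `<filename>` when `nostamp` is given), and is the file really unified2 on the inside, regardless of its name? The following script is an added example, not code from the thread or from the Snort project. It classifies log-directory entries against that naming convention (a leading period, as in `.unified2.alert.0`, is flagged separately because a dotfile is invisible to a plain `ls` and to most globbing readers) and walks the unified2 record stream. The record header (4-byte type, 4-byte length, network byte order), the type codes and the 52-byte IPv4 IDS event layout are taken from my recollection of Snort's Unified2_common.h and should be treated as assumptions to check against your version; the sample file bytes and the log-directory path are constructed for the example.

```python
"""Sanity-check Snort unified2 output: file naming in the log directory and
record structure inside each file. Added example, not code from the thread."""
import ipaddress
import os
import struct

# unified2 record header: 4-byte type, 4-byte length, network byte order.
# Layouts and type codes follow Snort's Unified2_common.h as I remember it
# (assumption; verify against the header shipped with your Snort version).
HEADER = struct.Struct("!II")
IDS_EVENT = struct.Struct("!11I2H4B")      # type 7, 52 bytes, IPv4 event
PACKET_HDR = struct.Struct("!7I")          # type 2, 28 bytes, then packet data
RECORD_TYPES = {1: "EVENT", 2: "PACKET", 7: "IDS_EVENT", 72: "IDS_EVENT_IPV6",
                99: "IDS_EVENT_MPLS", 100: "IDS_EVENT_IPV6_MPLS",
                104: "IDS_EVENT_VLAN", 105: "IDS_EVENT_IPV6_VLAN",
                110: "EXTRA_DATA"}
EPOCH_2000 = 946684800   # anything below this is not a plausible Snort timestamp


def classify_filename(name, base, nostamp=False):
    """Classify a log-directory entry against the expected unified2 naming.

    Snort writes <base>.<epoch seconds> unless 'nostamp' is set, in which
    case it writes <base> exactly. Returns a short status string.
    """
    if name.startswith("."):
        return "hidden"            # dotfile: the leading period from the thread
    if nostamp:
        return "ok" if name == base else "other"
    if name == base:
        return "unstamped"
    if not name.startswith(base + "."):
        return "other"
    suffix = name[len(base) + 1:]
    if suffix.isdigit() and int(suffix) >= EPOCH_2000:
        return "ok"
    return "bad-suffix"            # e.g. '.0' instead of an epoch timestamp


def iter_records(data):
    """Yield (type, body) for each unified2 record; raise on truncation."""
    off = 0
    while off < len(data):
        if len(data) - off < HEADER.size:
            raise ValueError("truncated record header at offset %d" % off)
        rtype, rlen = HEADER.unpack_from(data, off)
        off += HEADER.size
        if len(data) - off < rlen:
            raise ValueError("truncated record body at offset %d" % off)
        yield rtype, data[off:off + rlen]
        off += rlen


def summarize(data):
    """Count record types and decode IPv4 IDS events (type 7)."""
    counts, events = {}, []
    for rtype, body in iter_records(data):
        name = RECORD_TYPES.get(rtype, "UNKNOWN_%d" % rtype)
        counts[name] = counts.get(name, 0) + 1
        if rtype == 7 and len(body) == IDS_EVENT.size:
            f = IDS_EVENT.unpack(body)
            events.append({
                "event_second": f[2], "sid": f[4], "gid": f[5], "rev": f[6],
                "src": str(ipaddress.IPv4Address(f[9])),
                "dst": str(ipaddress.IPv4Address(f[10])),
                "sport": f[11], "dport": f[12], "proto": f[13],
            })
    return counts, events


def build_sample_unified2():
    """Constructed sample: one IDS event plus its packet record (not real data)."""
    src = int(ipaddress.IPv4Address("10.0.0.5"))
    dst = int(ipaddress.IPv4Address("192.0.2.10"))
    event = IDS_EVENT.pack(1, 42, 1389990594, 0, 1000001, 1, 3, 0, 2,
                           src, dst, 51234, 80, 6, 0, 0, 0)
    payload = b"GET / HTTP/1.0\r\n\r\n"
    packet = PACKET_HDR.pack(1, 42, 1389990594, 1389990594, 0, 1,
                             len(payload)) + payload
    return (HEADER.pack(7, len(event)) + event
            + HEADER.pack(2, len(packet)) + packet)


def audit_logdir(logdir, base="unified2.alert", nostamp=False):
    """Return {filename: (naming status, record counts or error)} for logdir."""
    report = {}
    for name in sorted(os.listdir(logdir)):
        path = os.path.join(logdir, name)
        if not os.path.isfile(path) or base not in name:
            continue
        with open(path, "rb") as fh:
            try:
                counts, _ = summarize(fh.read())
            except ValueError as exc:
                counts = "error: %s" % exc
        report[name] = (classify_filename(name, base, nostamp), counts)
    return report


if __name__ == "__main__":
    print(summarize(build_sample_unified2()))
    print(classify_filename(".unified2.alert.0", "unified2.alert"))
    # audit_logdir("/var/log/snort")   # hypothetical path; run against your -l directory
```

Run `audit_logdir` against the directory given to `-l`: a file reported as `hidden` or `bad-suffix` but with sane record counts is the situation described in the thread, a correctly written unified2 stream under an unexpected name, which points at the output plugin's filename handling rather than at the alert data itself; a parse error instead points at truncation or at a file that is not unified2 at all.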
Current thread:
- unified2 alert files with trailing period and no appended timestamp? Mike Cox (Jan 17)
- Re: unified2 alert files with trailing period and no appended timestamp? Bhagya Bantwal (Jan 17)
- Re: unified2 alert files with trailing period and no appended timestamp? Mike Cox (Jan 17)
- Re: unified2 alert files with trailing period and no appended timestamp? Bhagya Bantwal (Jan 21)
- Re: unified2 alert files with trailing period and no appended timestamp? Mike Cox (Jan 24)
- Re: unified2 alert files with trailing period and no appended timestamp? Mike Cox (Jan 17)
- Re: unified2 alert files with trailing period and no appended timestamp? Bhagya Bantwal (Jan 17)