NIDS + packet logging - only alert packets get logged

[Rich Lee <laughingblade () gmail com>]

Hi,

newbie kind of Q I'm afraid:

I'm running snort 2.9.8.0 & Barnyard2 in an Ubuntu 14.04 VM, set up 
according to Noah Dietrich's guide.

I want to run snort as NIDS to alert, but also capture *all* packets. 
According to http://manual.snort.org/node5.html I should be good with 
'./snort -l ./log -b'

The command I'm running is './snort -c /pathto/snort.conf -i eth0 -l 
/pathto/log -b', and I'm seeing timestamped log files as expected, but 
only for alerts, not for other traffic...

My understanding from the docs is that the command line log switch 
should log *all* packets, and output modules configured in snort.conf 
will log processed/detected alert packets. I've tried this with output 
module configured, and with no output modules at all - but snort 
continues to log only alerting packets. I've confirmed that there 
actually is other traffic to be captured by running wireshark alongside.

Does the -l -b switch work? Am I possibly missing something obvious?

TIA
Rich Lee

------------------------------------------------------------------------------
Transform Data into Opportunity.
Accelerate data analysis in your applications with
Intel Data Analytics Acceleration Library.
Click to learn more.
http://pubads.g.doubleclick.net/gampad/clk?id=278785111&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!