Snort mailing list archives

Re: Snort read file to generate u2 logs.


From: "Al Lewis (allewi)" <allewi () cisco com>
Date: Wed, 22 Feb 2017 03:57:23 +0000

Have you checked if the snort user has permissions to write to the output directory?

Are the logs created when you run snort as root?

Albert Lewis
ENGINEER.SOFTWARE ENGINEERING
SOURCEfire, Inc. now part of Cisco
Email: allewi () cisco com

From: Paul Li <paul () scybersecurity com>
Date: Tuesday, February 21, 2017 at 10:17 PM
To: 'snort-users' <snort-users () lists sourceforge net>
Subject: [Snort-users] Snort read file to generate u2 logs.

I'm using Snort to read a file to generate alerts with the following command:

sudo snort -q -u snort-user -g snort-group -c /etc/snort/snort.conf -r file-name

Snort can generate alerts but doesn't create u2 log files or other output (e.g., csv), although the same snort.conf file will generate both alerts and .u2 files. Wondering if there's a way Snort can generate logs in a specified format when reading a file.

Thanks,
Paul
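
The permission check suggested in the reply, as an added example that is not part of the original thread: it decides from the output directory's owner, group and mode bits whether the account Snort switches to with -u/-g can create files there. The account names come from the command in the question; the log directory is an assumption passed as an argument, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Decides from a directory's owner,
# group and mode bits whether a given uid/gid can create files in it.
# Not covered: ACLs, supplementary groups, SELinux/AppArmor policy.
# Requires GNU stat (-c), as shipped on Linux.

# can_create_in UID GID DIR
# returns 0 = can create files, 1 = cannot, 2 = DIR missing or unreadable
can_create_in() {
    uid=$1 gid=$2 dir=$3
    [ -d "$dir" ] || return 2
    [ "$uid" -eq 0 ] && return 0              # root bypasses mode bits
    st=$(stat -c '%u %g %a' "$dir") || return 2
    set -- $st                                # owner uid, group gid, octal mode
    perm=$(( 0$3 ))                           # leading 0 makes it octal
    if   [ "$uid" -eq "$1" ]; then bits=$(( (perm >> 6) & 7 ))
    elif [ "$gid" -eq "$2" ]; then bits=$(( (perm >> 3) & 7 ))
    else                           bits=$((  perm       & 7 ))
    fi
    # Creating a file needs write (2) AND search (1) on the directory.
    [ $(( bits & 3 )) -eq 3 ]
}

# check_snort_logdir USER GROUP DIR: resolve account names, then check.
check_snort_logdir() {
    u=$(id -u "$1" 2>/dev/null) || return 2
    g=$(getent group "$2" | cut -d: -f3)
    [ -n "$g" ] || return 2
    can_create_in "$u" "$g" "$3"
}

# Usage: sh check.sh snort-user snort-group <snort log directory>
if [ $# -eq 3 ]; then
    if check_snort_logdir "$1" "$2" "$3"; then
        echo "$1:$2 can create files in $3"
    else
        echo "$1:$2 cannot create files in $3 (or lookup failed)"
    fi
fi
```

A mode-bit result of "can create" is necessary but not sufficient; creating a test file in the directory as that account confirms it.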