Snort mailing list archives

logto 3.0

From: kahleong_fong via Snort-users <snort-users () lists snort org>
Date: Tue, 17 Oct 2017 07:21:21 +0000 (UTC)

hi all,
It has been awhile since 2004 that I touched snort! I remembered the logto option to capture pkts  used to work.In the 
3.0 release , I just cannot seem to get it to capture the pkts to the file.
alert icmp any any -> any any (logto:/var/snort/log/logto_log;sid=400000001; rev:1;)

I am able to see the alerts however no pkts in the logto_log file.

please advise.
regards

_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Current thread:

logto 3.0 kahleong_fong via Snort-users (Oct 17)
- Re: logto 3.0 Carter Waxman (cwaxman) via Snort-users (Oct 17)
  - Re: logto 3.0 Carter Waxman (cwaxman) via Snort-users (Oct 17)
    - Re: logto 3.0 kahleong_fong via Snort-users (Oct 18)
    - Re: logto 3.0 Russ via Snort-users (Oct 18)