Snort mailing list archives
Snort3 does not write to alert_full.txt in daemon mode
From: oleg gv via Snort-users <snort-users () lists snort org>
Date: Wed, 29 Aug 2018 15:56:28 +0300
Hello,

Snort3 does not write to alert_full.txt in daemon mode. When not in daemon mode (no -D) - it writes it to stdout.

I run snort3:

    /usr/bin/snort -D -M --daq-dir /usr/local/lib/snort/daqs --daq-dir /usr/local/lib/snort_extra/daqs --daq-dir /usr/local/daqm/lib/daq --create-pidfile -y -t / -l /var/log/idsm/ --plugin-path /usr/local/lib/snort_extra -c /tmp/snort-config --daq afpacket -i ethernet1 -R /tmp/rules.txt -A alert_full --lua alert_full = { file=true }

/tmp/rules.txt - contains 1 any-any icmp rule.

At exit I've got in syslog:

    .....
    snort[4680]: detection
    snort[4680]: analyzed: 7616
    snort[4680]: hard_evals: 1047
    snort[4680]: total_alerts: 1047
    snort[4680]: logged: 1047   -- logged but does not appear in alert_full.txt!
    ....