From: Brian (bmc openbsd.org)
Date: Mon Jun 04 2001 - 19:19:28 CDT
According to McKevitt, Larry:
> I get:
> --== Initializing Snort ==--
> TCPDUMP file reading mode.
> Reading network traffic from "/var/log/snort/alert" file.
> ERROR => unable to open file /var/log/snort/alert for
> readback: bad dump file format
Yes. This is because the alert output is TEXT not PCAP. There is a
big difference. Read snort(8). If you want to log into PCAP format,
then use the -b command line switch.
> How can I read my log files?
> OBSD 2.8 i386.
> Snort installed from ports tree.
> Thanks in advance.
less. vi. emacs. pick one.
-brian
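
Added example, not part of the original message: a shell check that tells a text alert file from a PCAP capture by its first four bytes, so the "bad dump file format" error above can be predicted before a file is handed to Snort's readback mode. The function names and the 512-byte sampling window are assumptions of this example; it covers both byte orders and the nanosecond-timestamp variant of the classic PCAP magic number.

```shell
#!/bin/sh
# capture_kind FILE -> prints pcap, text, empty, other or unreadable.
capture_kind() {
    f=$1
    [ -r "$f" ] || { echo unreadable; return 1; }
    [ -s "$f" ] || { echo empty; return 0; }
    # First four bytes as lowercase hex, e.g. d4c3b2a1.
    magic=$(head -c 4 "$f" | od -An -tx1 | tr -d '[:space:]')
    case "$magic" in
        # Classic libpcap magic, microsecond and nanosecond timestamps,
        # as written by big-endian and little-endian hosts.
        a1b2c3d4|d4c3b2a1|a1b23c4d|4d3cb2a1) echo pcap; return 0 ;;
    esac
    # Count bytes in the first 512 that are neither printable nor whitespace.
    nonprint=$(( $(head -c 512 "$f" | LC_ALL=C tr -d '[:print:][:space:]' | wc -c) ))
    if [ "$nonprint" -eq 0 ]; then
        echo text
    else
        echo other
    fi
}

# suggest_reader FILE -> prints the command that fits the file's format.
suggest_reader() {
    case "$(capture_kind "$1")" in
        pcap) echo "snort -r $1" ;;   # binary capture, e.g. one logged with -b
        text) echo "less $1" ;;       # plain-text alert file
        *)    echo "inspect $1 manually" ;;
    esac
}

# Stand-alone use: sh capture_kind.sh /var/log/snort/alert
if [ $# -gt 0 ]; then
    suggest_reader "$1"
fi
```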