On Tue, 2002-12-03 at 10:49, L. Christopher Luther wrote:
> In previous posts regarding logging output, it was noted by some that
> Snort apparently has an undocumented output plugin called
> "log_ascii", which is the default logging facility if none other is
> specified. And supposedly one can add the option "output log_ascii"
> to the snort.conf file to re-enable the ASCII logging facility along
> side other logging facilities (e.g., output database: log, ...).
>
> However, when I specify this plugin in my snort.conf file, both Snort
> 1.8.6 and 1.8.7 return the following warning when started:
>
> *WARNING*: unknown output plugin "log_ascii", ignoring!
>
> Is this output plugin something new to Snort 1.9.x or something else?

Christopher,

I'm not aware of a 'log_ascii' plugin in Snort 1.8.x. I get all the app
layer info in ascii format by using 'alert_full' and specifying the
'Dump Application Layer' option in the command line (I think it is -d).

Hope this helps,
Frank

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.7 (GNU/Linux)

iQCVAwUAPezv4L+0ijK5TGa5AQL7LQQAjmANR5WBRv5d0mIvJco7w9yn0dtBnj0h
6MWvOq7A3p297vznc2j9WYWqBuVnouJziAALPZFLSneUULUySqvqSNd1/aYfA6Z3
NfiUKnF2twuyFGWDsyP3fOzMuD39Hhv5/fszns8RrBrm80I8wF8nvQP+iyBZCEBe
IlNSH/ZeWVo=
=tS5r
-----END PGP SIGNATURE-----

-------------------------------------------------------
This SF.net email is sponsored by: Microsoft Visual Studio.NET
comprehensive development tool, built to increase your
productivity. Try a free online hosted session at:
http://ads.sourceforge.net/cgi-bin/redirect.pl?micr0003en
_______________________________________________
Snort-users mailing list
Snort-userslists.sourceforge.net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users

• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]