From: Frank Knobbe (fknobbe_at_knobbeits.com)
Date: Wed Dec 04 2002 - 11:37:35 CST

    > -----Original Message-----
    > From: Hicks, John [mailto:JHicksJUSTICE.GC.CA]
    > Sent: Wednesday, December 04, 2002 10:54 AM
    >
    > Frank,
    > Out of curiosity, did you use it with 1.8??? I tried on an old copy and got
    > "*WARNING*: unknown output plugin "log_ascii", ignoring!". However, on my
    > 1.9 node, it works great (I *love* having nicely organized packet files for
    > analysis)
    >
    > Definitely a needed feature, imho.

    John,

    Under Snort 1.8.7, I'm using the 'output alert_full: alert.ids' in
    the snort.conf file and start Snort with the '-d' switch. That will
    dump the application layer (packet data) in ascii into
    subdirectories. The alert.ids file contains the summary, and if I
    want details, I just open the detailed text file in the subdirectory
    (I actually have a script that emails me all those on demand).

    The 'output log_ascii' does not exist under 1.8.x. I'm not sure how
    much different that is from the '-d' switch, but I can't imagine what
    additional data it would log since you get the full packet in ascii
    with '-d'.

    Regards,
    Frank
