Logging to a Specific File

Problem

You want to log your output to a specific file and location.

Solution

Use the -L option to log to a specific file:

[testuser@localhost snort]# snort -L test1

You can also specify a location by using the -l command-line option:

[testuser@localhost snort]# snort -l /snort/log -L test2

Discussion

Logging traffic in binary mode is far less resource-intensive than the other logging modes. The binary files can then be reviewed later using Snort, TCPDump, Ethereal, or any other program that reads tcpdump-format captures.

You can log to a specific file by specifying the -L command-line option. This writes the captured network traffic to a binary (tcpdump-format) file. The following command logs all traffic to a file called test1 in the default Snort log directory:

[testuser@localhost snort]# snort -L test1

This command creates a file called test1.1084554709 in the /var/log/snort directory; the numeric suffix Snort appends is the Unix epoch time at which logging started. You can also specify a location by using the -l command-line option:

[testuser@localhost snort]# snort -l /snort/log -L test2

This command creates a file called test2.1084554711 in the /snort/log directory.
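Before handing a -L log to TCPDump or Ethereal it is worth confirming that the file really is a binary capture and not, say, a text alert file that happens to sit in the same directory. The following Python script is an added example, not code from the Snort Cookbook: it scans a log directory for files named in Snort's `<name>.<epoch>` form, decodes the start time from the suffix, and checks the pcap magic number in the first four bytes. The directory and the sample files it creates are constructed stand-ins for the /snort/log examples above.

```python
import os
import re
import struct
import tempfile
from datetime import datetime, timezone

# Snort names a -L log <name>.<epoch seconds> inside the -l directory
# (default /var/log/snort). Hypothetical helper; not part of Snort itself.
LOG_NAME_RE = re.compile(r"^(?P<base>.+)\.(?P<epoch>\d{9,10})$")
# pcap global-header magic: microsecond and nanosecond variants, both byte orders
PCAP_MAGICS = {0xA1B2C3D4, 0xD4C3B2A1, 0xA1B23C4D, 0x4D3CB2A1}


def find_snort_binary_logs(log_dir, base=None):
    """Return [(path, base, start_time_utc, is_pcap)] for <base>.<epoch> files."""
    found = []
    for entry in sorted(os.listdir(log_dir)):
        m = LOG_NAME_RE.match(entry)
        if not m or (base and m.group("base") != base):
            continue
        path = os.path.join(log_dir, entry)
        started = datetime.fromtimestamp(int(m.group("epoch")), tz=timezone.utc)
        with open(path, "rb") as f:
            head = f.read(4)
        is_pcap = len(head) == 4 and struct.unpack("<I", head)[0] in PCAP_MAGICS
        found.append((path, m.group("base"), started, is_pcap))
    return found


def _write_sample(path, data):
    with open(path, "wb") as f:
        f.write(data)


def demo():
    # Constructed sample directory standing in for /snort/log from the recipe.
    d = tempfile.mkdtemp()
    # 24-byte pcap global header: magic, version 2.4, tz 0, sigfigs 0,
    # snaplen 65535, link type 1 (Ethernet) -- what a -L log begins with
    pcap_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    _write_sample(os.path.join(d, "test2.1084554711"), pcap_hdr)  # from `-l /snort/log -L test2`
    _write_sample(os.path.join(d, "alert"), b"[**] text alert [**]\n")  # not a -L log, skipped
    _write_sample(os.path.join(d, "test2.1084554999"), b"junk")  # corrupt/truncated log
    return find_snort_binary_logs(d, base="test2")


if __name__ == "__main__":
    for path, base, started, ok in demo():
        print(f"{path}: base={base} started={started.isoformat()} pcap={ok}")
```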

See Also

Recipe 1.17

Logging to Multiple Locations




Snort Cookbook
ISBN: 0596007914
Year: 2006