Problem
You want to log your output to a specific file and location.
Solution
Use the -L option to log to a specific file:
[testuser@localhost snort]# snort -L test1
You can also specify a location by using the -l command-line option:
[testuser@localhost snort]# snort -l /snort/log -L test2
Discussion
Logging traffic in binary mode is far less resource-intensive than logging in other modes. The binary files can then be reviewed later using Snort, TCPDump, Ethereal, or other programs that read binary log files.
You can log to a specific file by specifying the -L command-line option. This logs the network traffic to a binary file. The following command logs all traffic to the file called test1 in the default Snort log directory:
[testuser@localhost snort]# snort -L test1
This command creates a file called test1.1084554709 in the /var/log/snort directory. The numeric suffix is the Unix epoch time (in seconds) at which Snort opened the log, so each run with the same -L name produces a new file rather than overwriting the old one. You can also specify a location by using the -l command-line option:
[testuser@localhost snort]# snort -l /snort/log -L test2
This command creates a file called test2.1084554711 in the /snort/log directory.
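As an added example (not from the Snort Cookbook), the POSIX shell helpers below find the newest timestamped file that Snort wrote for a given -L prefix, as in the listings above, and check the file's magic number before it is handed to tcpdump; the log directory and file names they create are constructed for the demo.

```shell
#!/bin/sh
# Added example, not from the Snort Cookbook: find the timestamped binary
# log that "snort -l DIR -L PREFIX" writes and check that it is a libpcap
# file before replaying it with tcpdump. Names below are constructed.

# Print the newest DIR/PREFIX.<epoch> file. Snort appends the start time
# in epoch seconds, so repeated runs with the same -L value leave several
# files; the largest numeric suffix is the most recent capture.
latest_snort_log() {
    dir=$1; prefix=$2; best=""; best_ts=-1
    for f in "$dir/$prefix".*; do
        [ -f "$f" ] || continue
        ts=${f##*.}
        case $ts in ''|*[!0-9]*) continue ;; esac   # suffix is not an epoch
        if [ "$ts" -gt "$best_ts" ]; then best=$f; best_ts=$ts; fi
    done
    [ -n "$best" ] || return 1
    printf '%s\n' "$best"
}

# Return 0 if FILE starts with a libpcap magic number (little/big endian,
# microsecond or nanosecond variants), else 1. An empty or truncated file
# left by a Snort run that died early fails this check.
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case $magic in
        d4c3b2a1|a1b2c3d4|4d3cb2a1|a1b23c4d) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed stand-in for /snort/log after several runs: two test2
# captures carrying the pcap magic number, a stray non-epoch name, and
# an empty test1 file from an aborted run. Prints the directory path.
make_sample_logdir() {
    d=$(mktemp -d)
    printf '\324\303\262\241' > "$d/test2.1084554711"
    printf '\324\303\262\241' > "$d/test2.1084561000"
    : > "$d/test2.1084570000.partial"
    : > "$d/test1.1084554709"
    printf '%s\n' "$d"
}

# Demo: locate the newest test2 log and verify it before replaying.
logdir=$(make_sample_logdir)
newest=$(latest_snort_log "$logdir" test2)
if is_pcap "$newest"; then
    echo "newest capture: $newest (epoch ${newest##*.}); replay with: tcpdump -r $newest"
else
    echo "$newest is not a libpcap file" >&2
fi
```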
See Also
Recipe 1.17