Snort mailing list archives

Re: general questions


From: waldo kitty <wkitty42 () windstream net>
Date: Fri, 29 Mar 2013 14:30:15 -0500

On 3/29/2013 11:59, Mohammad MontazerI wrote:

Which log files would you like to read?
i thought there is just one log file!

in a default snort, there are the alert file and each execution of snort starts 
a new pcap file...

however, i used this command:
./snort -d -h 192.168.1.0/24 -l ./log -c snort.conf

and it created two files:
alert and a log file.
i'm trying to read this log file.

i suspect you are trying to read the pcap file... they have names like 
snort.log.1279369061... the numbers are the unix date/time stamp of when the log 
was started IIRC... other than that, they are regular pcaps that snort has 
created of the data packet(s) that caused the alert at that particular point in 
time... you should have a corresponding entry for the same time and date in your 
alert file... how do you actually see what these files contain? you use a tool 
like wireshark or similar...
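
What the reply above describes, as an added example that is not part of the original post or of Snort: a Python reader that decodes the epoch suffix of a `snort.log.<epoch>` name and walks the classic pcap records, so packet times can be matched against entries in the alert file. The one-packet capture is constructed for illustration, and all function names are this example's own.

```python
import io, re, struct
from datetime import datetime, timedelta, timezone

# Classic pcap magic numbers and the struct byte order each one implies.
PCAP_MAGICS = {b"\xd4\xc3\xb2\xa1": "<", b"\xa1\xb2\xc3\xd4": ">"}

def start_time_from_name(name):
    """Decode the Unix timestamp suffix of a snort.log.<epoch> file name."""
    m = re.search(r"snort\.log\.(\d+)$", name)
    if not m:
        raise ValueError("not a snort.log.<epoch> name: %r" % name)
    return datetime.fromtimestamp(int(m.group(1)), tz=timezone.utc)

def read_pcap(stream):
    """Yield (utc_time, captured_len, original_len) for each packet record."""
    header = stream.read(24)  # pcap global header is 24 bytes
    if len(header) < 24 or header[:4] not in PCAP_MAGICS:
        raise ValueError("not a classic pcap file")
    endian = PCAP_MAGICS[header[:4]]
    while True:
        rec = stream.read(16)  # per-packet header: sec, usec, caplen, wirelen
        if len(rec) < 16:
            return  # end of file, or a record header cut short
        ts_sec, ts_usec, incl_len, orig_len = struct.unpack(endian + "IIII", rec)
        if len(stream.read(incl_len)) < incl_len:
            return  # packet data cut short, e.g. capture stopped mid-write
        when = datetime.fromtimestamp(ts_sec, tz=timezone.utc)
        yield when + timedelta(microseconds=ts_usec), incl_len, orig_len

def constructed_sample():
    """Constructed one-packet capture (not real traffic) for an offline run."""
    global_hdr = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    record = struct.pack("<IIII", 1279369063, 500000, 4, 60) + b"\x00" * 4
    return io.BytesIO(global_hdr + record)

if __name__ == "__main__":
    print("log started:", start_time_from_name("snort.log.1279369061"))
    for when, caplen, wirelen in read_pcap(constructed_sample()):
        print(when.isoformat(), caplen, wirelen)
```

To use it on a real file, pass `open(path, "rb")` to `read_pcap` instead of the constructed sample.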
