Snort mailing list archives

Re: Always logging as binary!


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Sat, 23 Jan 2016 04:02:39 +0000

Hence why I said -b is the default (binary, pcap based).

You either have to override it on the command line (which overrides the snort.conf) or specify your output method in 
the snort.conf and don’t override it on the command line.

--
Joel Esler
Manager, Talos Group




On Jan 22, 2016, at 11:48 AM, Jack Rief <jrief () bigkahunatech com> wrote:

I saw that but that seems to affect only the alerts. I'm getting alerts in text form and having them sent to syslog.
That all works fine.

The problem is the regular logs. The documentation says the default mode for these logs is text, but I'm seeing them
written in tcp_dump format no matter what startup options I use. Meaning if I omit the -b option I get binary format,
if I include the -b option I get binary format.

Jack Rief
Senior Programmer Analyst
Big Kahuna Technology

From: Joel Esler (jesler) [mailto:jesler () cisco com]
Sent: Thursday, January 21, 2016 5:50 PM
To: Jack Rief
Cc: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Always logging as binary!

-b is the default. You have to specifically tell Snort to log in ascii. Check out -A

Sent from my iPhone

On Jan 21, 2016, at 8:46 PM, Jack Rief <jrief () bigkahunatech com> wrote:
My snort installation has NEVER logged to ascii. It has always logged to the tcp_dump binary format. Even without the
-b switch for logging!

Where can I look to fix/debug this problem? We're sending our alerts to syslog and would like to do the same with the
standard logs. But first we need to log in non-binary format!

Jack Rief
Senior Programmer Analyst
Big Kahuna Technology

------------------------------------------------------------------------------
Site24x7 APM Insight: Get Deep Visibility into Application Performance
APM + Mobile APM + RUM: Monitor 3 App instances at just $35/Month
Monitor end-to-end web transactions and take corrective actions now
Troubleshoot faster and improve end-user experience. Signup Now!
http://pubads.g.doubleclick.net/gampad/clk?id=267308311&iu=/4140
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org<http://blog.snort.org/> to stay current on all the latest Snort news!
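The thread turns on which packet-log format Snort is actually writing, regardless of what the manual or snort.conf says. The script below is an added example, not code from the thread or from the Snort project: it classifies files under a Snort log directory by their leading bytes (pcap magic versus anything else), which is the check to run before arguing about defaults. The Snort 2.x switches named in the comments (-b, -K, -A, -l, -c) are real; the sample log files, their names and the directory layout are constructed here for the demonstration and are not taken from the poster's system.

```sh
#!/bin/sh
# Added example, not code from the thread or from the Snort project: tell from
# the bytes on disk whether Snort wrote a packet log as pcap (what -b, i.e.
# -K pcap, produces and what Snort 2.x uses by default) or as ASCII text
# (what -K ascii produces), independent of what snort.conf or the manual says.
#
# Snort 2.x command lines for reference (paths are placeholders):
#   snort -c /etc/snort/snort.conf -l /var/log/snort -A fast -K pcap   # binary packet log (default)
#   snort -c /etc/snort/snort.conf -l /var/log/snort -A fast -K ascii  # text packet log
# -A only changes the alert format; -K (or -b) selects the packet log format.

# First four bytes of $1 as lowercase hex with no separators (e.g. d4c3b2a1).
log_magic() {
    od -An -tx1 -N4 "$1" | tr -d ' \n'
}

# Prints pcap, pcap-ns (nanosecond pcap), empty, or ascii for file $1.
# Returns 2 if the file cannot be read.
snort_log_format() {
    [ -r "$1" ] || return 2
    case "$(log_magic "$1")" in
        a1b2c3d4|d4c3b2a1) echo pcap ;;      # microsecond pcap, either byte order
        a1b23c4d|4d3cb2a1) echo pcap-ns ;;   # nanosecond pcap, either byte order
        '')                echo empty ;;
        *)                 echo ascii ;;     # no pcap magic: assume text (-K ascii)
    esac
}

# Walk a Snort log directory and print "<format> <path>" for each regular file.
classify_tree() {
    find "$1" -type f | while IFS= read -r f; do
        printf '%s %s\n' "$(snort_log_format "$f")" "$f"
    done
}

# Constructed sample inputs (not real captures). The first file carries a
# little-endian pcap magic plus the major-version byte (only the magic matters
# for this check); the second mimics a per-host text dump as -K ascii would
# write it. File and directory names are made up for the example.
make_samples() {
    mkdir -p "$1/10.0.0.5"
    printf '\324\303\262\241\002' > "$1/snort.log.1453422000"
    printf '%s\n' \
        '01/21-20:46:12.123456 10.0.0.5:51234 -> 10.0.0.1:80' \
        'TCP TTL:64 TOS:0x0 ID:4711 IpLen:20 DgmLen:60 DF' \
        > "$1/10.0.0.5/TCP_51234-80"
}

SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
make_samples "$SAMPLE_DIR"
classify_tree "$SAMPLE_DIR"
```

Point `classify_tree` at the real -l directory (for example /var/log/snort) to see which mode a running Snort used: every packet log reported as pcap means the binary logger is active, whether that came from -b on the command line or from the absence of -K ascii, and the alert files sent to syslog will not appear here at all.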