Snort mailing list archives
Snort config file issues with
From: Don Hall <dhall () rmscollects com>
Date: Tue, 15 Jan 2019 16:30:53 +0000
Question to the Snort User Community,
I have Snort v2.9.12 in Windows.
I have made modifications to the configuration file (c:\Snort\etc\snort.conf) in the Step #6 area (around lines 520 to 530), removing the nostamp option so that I can get the timestamp extension on the snort.log, snort.alert, and tcpdump.log files. I also changed the size option for the plug-ins, to get manageable files to analyze. I removed nostamp so that I can segment the log file into manageable chunks and analyze data while Snort keeps going.

I would use either (-de), with or without the binary (-b), and with or without the (-C) ASCII format, without problems. Prior to using the config file, things are clean and I can use the read (-rd) or (-dr) option to get the payload info, because I need to do data analysis on the payload.

When I start to use the config file, however, problems start to occur. I can create the file, then try to read the file back with the read (-rd) or (-dr) option, and I get the following:
Running in packet dump mode
--== Initializing Snort ==--
Initializing Output Logins!
Error getting stat on pcap file: d: no such file or directory
ERROR: Error getting pcaps.
Fatal Error. Quitting..
Could not set the even message file.
Thanks, in advance, for looking into the issue.
(that is with either -dr or -rd command line arguments.)
Thanks for any recommendations.
Don Hall
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users
To unsubscribe, send an email to: snort-users-leave () lists snort org
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
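The error output in the post names `d` as the pcap file. That is exactly what POSIX getopt()-style option clustering produces from a token such as `-rd`: `r` takes a value, so the remainder of the token (`d`) becomes that value and the real file name is left over as a stray argument. The script below is an added illustration, not code from the post or from Snort itself. It models only the switches the post mentions (-d, -e, -b and -C as bare flags, -r taking the pcap path) with Python's getopt module, which follows the same clustering rules; that Snort parses its switches this way is an assumption, and the file name is constructed.

```python
import getopt
import os

# Short switches that appear in the post. Only -r takes a value (the pcap
# path); -d, -e, -b and -C are bare flags. Assumption: Snort's command line
# follows POSIX getopt() clustering rules, which is what this string models.
SNORT_SHORTOPTS = "debCr:"

# Constructed file name standing in for a timestamped snort.log.
EXAMPLE_PCAP = "snort.log.1547000000"


def parse_snort_args(argv):
    """Parse a Snort-style argv into ({switch: value}, leftover arguments)."""
    opts, rest = getopt.getopt(argv, SNORT_SHORTOPTS)
    return dict(opts), rest


def pcap_argument(argv):
    """Return the string Snort would try to stat() as the pcap, or None."""
    opts, _ = parse_snort_args(argv)
    return opts.get("-r")


def diagnose(argv):
    """Explain why a read-back command line fails before the pcap is opened."""
    opts, rest = parse_snort_args(argv)
    path = opts.get("-r")
    if path is None:
        return "no -r given: Snort would sniff an interface, not read a file"
    # The clustering trap: in "-rd", r takes the rest of the token ("d") as
    # its value, so the intended file name never reaches -r.
    if len(path) == 1 and path in SNORT_SHORTOPTS.replace(":", ""):
        msg = f"-r consumed '{path}' as the file name"
        if rest:
            msg += f"; the real file {rest[0]!r} was left as a stray argument"
        return msg
    if not os.path.exists(path):
        return f"pcap path {path!r} is not found (stat would fail)"
    return f"would read {path!r}"


if __name__ == "__main__":
    # The two spellings from the post, plus the unambiguous form.
    for argv in (["-rd", EXAMPLE_PCAP],
                 ["-dr", EXAMPLE_PCAP],
                 ["-de", "-b", "-r", EXAMPLE_PCAP]):
        print(" ".join(argv), "->", diagnose(argv))
```

With `-rd`, the parser reports that `-r` swallowed `d`, matching the "pcap file: d" line in the error output; spelling the switches separately (`-d -r <file>`) or putting `-r` last in the cluster removes the ambiguity, after which the only remaining failure mode the script reports is a path that does not exist.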