Snort - the de facto standard for intrusion detection/prevention
the de facto standard in IPS  
Got Source? About Snort About Sourcefire Snort FAQ
Sourcefire Network Security - the creators of Snort
Snort News Snort Downloads Snort Rules Snort Docs Snort Training Snort Forums Snort Community Snort Store
Search Site
Search Rules
Account
email
password
not registered?
can't login?
user preferences
next up previous
Next: 2.4 Why does Snort Up: 2 Getting Started Previous: 2.2 How do I

2.3 Where are my log files located? What are they named?

The default location for logs is /var/log/snort. If snort is started with ``-l $<$directory$>$'', then the logs will be located in the directory specified.

In the past, running Snort in daemon mode (-D) produced a file named ``snort.alert.'' For consistency's sake, this has been changed. Running Snort in both standard or daemon modes (-D) will produce a file named ``alert.''

Note the log file naming convention changed between 1.8 and 1.9. That funny alphanumeric soup at the end of the new names is a UNIX timestamp. This helps avoid file conflicts.


Nigel Houghton 2006-10-02
site feedback | Terms of Use | Privacy Policy | forum archives ©2008 Snort and Sourcefire are registered trademarks of Sourcefire, Inc. All rights reserved.