Logging to a Specific File

Problem

You want to log your output to a specific file and location.

Solution

Use the -L option to log to a specific file:

[testuser@localhost snort]# snort -L test1

You can also specify a location by using the -l command-line option:

[testuser@localhost snort]# snort -l /snort/log -L test2

Discussion

Logging traffic in binary mode is far less resource-intensive than logging in other modes. The binary files can be reviewed later using Snort, TCPDump, Ethereal, or other programs that can read binary logs.

You can log to a specific file by specifying the -L command-line option. This logs the network traffic to a binary file. The following command logs all traffic to the file called test1 in the default Snort log directory:

[testuser@localhost snort]# snort -L test1

This command creates a file called test1.1084554709 in the /var/log/snort directory. You can also specify a location by using the -l command-line option:

[testuser@localhost snort]# snort -l /snort/log -L test2

This command creates a file called test2.1084554711 in the /snort/log directory.
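
Because every run adds a new timestamped file, it helps to script the lookup when you come back to review a capture. The shell functions below are an added example, not part of the original recipe: they list the files written for a given -L name, return the newest one, and check for the tcpdump (pcap) file magic before the file is handed to a reader. The function names are hypothetical, and the example assumes the numeric suffix is the capture start time in Unix epoch seconds and that the binary log is in tcpdump format.

```sh
#!/bin/sh
# Added example (hypothetical helper names): find the binary logs Snort
# wrote for a given -L name, e.g. test1.1084554709 in /var/log/snort.

# list_snort_logs DIR BASE
# Prints "suffix path" for every BASE.<digits> file in DIR, oldest first.
list_snort_logs() {
    dir=$1
    base=$2
    for f in "$dir/$base".*; do
        [ -f "$f" ] || continue             # unmatched glob or not a regular file
        suffix=${f#"$dir/$base."}           # text after "BASE."
        case $suffix in
            ''|*[!0-9]*) continue ;;        # skip test1.bak, test1.old.gz, ...
        esac
        printf '%s %s\n' "$suffix" "$f"
    done | sort -n                          # assumption: suffix is epoch seconds
}

# latest_snort_log DIR BASE
# Prints the path of the newest capture; returns 1 if there is none.
latest_snort_log() {
    latest=$(list_snort_logs "$1" "$2" | tail -n 1 | cut -d' ' -f2-)
    [ -n "$latest" ] || return 1
    printf '%s\n' "$latest"
}

# is_pcap FILE
# Succeeds if FILE starts with the classic tcpdump/pcap magic number
# (0xa1b2c3d4 in either byte order), i.e. it is a binary capture and not
# an ASCII alert file or a truncated, empty log.
is_pcap() {
    magic=$(od -An -tx1 -N4 "$1" 2>/dev/null | tr -d ' \n')
    case $magic in
        d4c3b2a1|a1b2c3d4) return 0 ;;
        *) return 1 ;;
    esac
}
```

For example, snort -r "$(latest_snort_log /var/log/snort test1)" replays the newest test1 capture through Snort.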

See Also

Recipe 1.17

Logging to Multiple Locations
