enter image description here
My snort.log file is completely empty and my snort.log.xxxxx files contain the characters ##...
I already know how to read the snort.log.xxx file but my snort.log file is empty and I don't know how to view it
Am using snort on ubuntu server
Thanks for your reply
If you mean the log files that end with a 10 digit number (Epoch timestamp), you can add the .pcap extension to the log file itself than open it in packet viewer of your liking (for example Wireshark).
You can view the log using tshark in linux command line.
For example: tshark -r snort.log.xxxxx
Related
I heard there was a way to convert an ISF file to PCAP using QCAT by command line but I've not found a way to do so with anything I've read or searched for on the internet.
Anyone know of how to perform this action?
Thanks
From a short Qualcomm slide show:
QCAT runs cmd line to generate the PCAP/TXT. Customer can run cmd line option to generate PCAP/TXT
Executable: C:\Program Files (x86)\Qualcomm\QCAT 6.x\Bin\PCAP Generator.exe Usage: PCAP Generator.exe [input_file] [output_path] [-option]
This command converts a file or directory of .qmdl files into a single .hdf file. The .hdf file will be named the same as the original log file or the directory of the input but with a .hdf extension.
QCAT –hdf file
or
QCAT –hdf directory
Hello people
It's my first time using logrotate and I don't know if I'm configuring it in the right way. I'm using it with loggerhead log file in Ubuntu 11.04
Log is under
/log/loggerhead/loggerheadd.log
My configuration file looks like this
/log/loggerhead/loggerheadd.log {
daily
rotate 7
compress
delaycompress
missingok
}
Then I run a force rotation
logrotate -f /etc/logrotate.d/loggerhead
and that change the name of the log file to
/log/loggerhead/loggerheadd.log.1
And didn't create the original file (loggerheadd.log) again, so I couldn't run a new force rotation, because "the file doesn't exist".
So, it's supposed that the application write entries in "loggerheadd.log" but when logrotate run the file will be renamed, so where will be written the log entries? Am I missing something?
Hope you can help me
By default logrotate will just rename your files, so your old file will be gone.
You can either use the create option to create a new file after the old one is used, or copytruncate to copy the original file to one with a new name, then truncate the original. Either option will do what you're asking for (more details on the man page here)
From the wget man page
§ 2.4 Logging and Input File Options
‘-i file’
‘--input-file=file’
Read urls from a local or external file. If ‘-’ is specified as file, urls
are read from the standard input. (Use ‘./-’ to read from a file literally
named ‘-’.)
If this function is used, no urls need be present on the command line. If
there are urls both on the command line and in an input file, those on the
command lines will be the first ones to be retrieved. If ‘--force-html’ is
not specified, then file should consist of a series of URLs, one per line.
I tried doing
wget -i - www.google.com
It downloaded a file index.html, but then it hangs. Even after I pressed
"Enter" several times, it still hangs. Why?
Because you have not closed your 'file' wget continues waiting for you to type more into stdin. To terminate, press ctrl + d [EOF terminator]
Recently updated my Wireshark on a server, and lost the ability to use -R and -w from the CLI. Since I'm tracing SIP and RTP calls, I need to use -R and not -f.
I found out using -V is very useful (shows the packet tree on screen) and then I can redirect the output to a file. Unfortunately I'm not able to open that file through Wireshark to view properly (contains too muh text to easily scroll through).
I tried using -x t add the hex dump (removed -V), but still that is not openable through Wireshark when copying the text file to my PC.
Any ideas how I can trace using -R (with or without -V), copy the file to my PC and still be able to read it through Wireshark? I don't have issues to convert the file to a readable format.. Just need anything to view the files and share them :)
Thanks all,
//M
In SQL I'm using xp_cmdShell to run FTP commands. I have no problem getting the list of files or copying files to the local server, but I want to compare copied file size to the original to make sure the get has been successful.
Any ideas on how to compare file sizes?
From a command prompt you can use the DOS File Compare command (fc). In your case you probably want to do a binary compare (there is no file size compare). I binary compare should work in your case.
Most DOS commands will return some code that let s you know the status.
http://www.computerhope.com/fchlp.htm
EDIT
Sorry, I read your question and realized you want to compare it against a file on the ftp server. I think this is a moot point since if ftp reports a successful file transfer there is no reason to compare (unless your source of comparison for not the ftp site). Does that make sense?
What you could do it use the FTP command ls command.
ftp> ls <filename>
where ftp> is the ftp prompt and not part of the command. This command gives you the file size in bytes. Then you need to use the dos command for the local file. Here is a StackOverflow question (and answer) about that.
Windows command for file size only?