Format

    output log_tcpdump: [<filename> [<limit>]]
    <limit> ::= <number>[('G'|'M'|K')]

• filename: the name of the log file. The default name is $<$logdir$>$/snort.log. The name may include an absolute or relative path. A UNIX timestamp is appended to the filename.

• limit: an optional limit on file size which defaults to 128 MB. When a sequence of packets is to be logged, the aggregate size is used to test the rollover condition. See 2.6.10 for more information.