# Packet Logger mode

| **-l**       | <p>Logger mode, target <strong>log and alert</strong> output directory. Default output folder is <strong>/var/log/snort</strong></p><p>The default action is to dump as tcpdump format in <strong>/var/log/snort</strong></p> |
| ------------ | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| **-K ASCII** | Log packets in ASCII format.                                                                                                                                                                                                  |
| **-r**       | Read mode: read a previously dumped binary (tcpdump/pcap format) log file back into Snort instead of sniffing an interface.                                                                                              |
| **-n**       | Specify the number of packets to process/read. Snort will stop after reading the specified number of packets.                                                                                                             |

![](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2F8lGq3lFRoB5L4lg6kub7%2Fimage%2010.PNG?alt=media\&token=7ca443e2-b2cd-4c18-b0a6-2c93198d6e9c)

I used sudo su to initially change to the root user, as Snort needs superuser (root) rights to sniff the traffic. Then I used the command:

`sudo snort -dev -l .`

to start Snort in packet logger mode. `-d` dumps the application-layer data, `-e` shows the link-layer (Ethernet) headers and `-v` prints each packet to the console; the `-l .` part writes the log files to the current directory instead of the default /var/log/snort.

![After the following commands new logs should be generated](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2Fc09LWcCVWTFzNkQX4Hc7%2FImage%2011.PNG?alt=media\&token=da18110d-7117-4617-9f6e-b3b07b423b23)

!["-r" parameter also allows users to filter the binary log files. You can filter the processed log to see specific packets with the "-r" parameter and Berkeley Packet Filters (BPF). ](https://2022164620-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FtzurpgroDJSMn9AFVmQP%2Fuploads%2F36WJod70BL7f3458vIH5%2Fimage%2012.PNG?alt=media\&token=56f31bb1-862e-422b-90a3-52a0d9fdb547)

* `sudo snort -r logname.log -X`
* `sudo snort -r logname.log icmp`
* `sudo snort -r logname.log tcp`
* `sudo snort -r logname.log 'udp and port 53'`
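To make concrete what `snort -r logname.log '<bpf>'` and `-n` actually do to the records in a binary log, here is an added example in Python. It is not code from this page or from Snort: it builds a small pcap file (the tcpdump format Snort writes in logger mode) from constructed sample packets, parses the pcap and IPv4 headers, and applies the same `icmp`, `tcp` and `udp and port 53` terms used above, plus an `-n`-style packet limit. All names (`build_pcap`, `parse_pcap`, `read_log`, `SAMPLE_LOG`), the sample packets and the tiny BPF subset are my own assumptions for illustration; real BPF is far richer.

```python
import itertools
import struct
from collections import namedtuple

# libpcap (tcpdump-format) constants; Snort's default binary log uses this container.
PCAP_MAGIC = 0xA1B2C3D4          # little-endian pcap with microsecond timestamps
LINKTYPE_ETHERNET = 1
ETHERTYPE_IPV4 = 0x0800
IPPROTO_NAMES = {1: "icmp", 6: "tcp", 17: "udp"}

Packet = namedtuple("Packet", "proto src dst sport dport")


def build_pcap(frames):
    """Wrap raw Ethernet frames in a pcap global header plus per-record headers."""
    out = struct.pack("<IHHiIII", PCAP_MAGIC, 2, 4, 0, 0, 65535, LINKTYPE_ETHERNET)
    for i, frame in enumerate(frames):
        out += struct.pack("<IIII", 1_700_000_000 + i, 0, len(frame), len(frame)) + frame
    return out


def ipv4_frame(proto, src, dst, payload):
    """Ethernet + minimal IPv4 header (checksum left zero, fine for a parser test)."""
    eth = bytes(6) + bytes([0x11] * 6) + struct.pack("!H", ETHERTYPE_IPV4)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, proto, 0,
                     bytes(int(o) for o in src.split(".")),
                     bytes(int(o) for o in dst.split(".")))
    return eth + ip + payload


# Constructed sample log (not a real capture): ICMP echo request, DNS query,
# TCP SYN to port 80, and an NTP packet to port 123.
SAMPLE_LOG = build_pcap([
    ipv4_frame(1, "10.0.0.5", "10.0.0.1", b"\x08\x00\xf7\xff\x00\x01\x00\x01"),
    ipv4_frame(17, "10.0.0.5", "10.0.0.53", struct.pack("!HHHH", 40000, 53, 12, 0) + bytes(4)),
    ipv4_frame(6, "10.0.0.5", "93.184.216.34",
               struct.pack("!HHIIBBHHH", 50000, 80, 1, 0, 0x50, 0x02, 65535, 0, 0)),
    ipv4_frame(17, "10.0.0.5", "10.0.0.9", struct.pack("!HHHH", 40001, 123, 56, 0) + bytes(48)),
])


def parse_pcap(data):
    """Yield one Packet per IPv4 frame found in a little-endian pcap byte string."""
    magic, = struct.unpack_from("<I", data, 0)
    if magic != PCAP_MAGIC:
        raise ValueError("not a little-endian pcap file (Snort binary log)")
    offset = 24                                    # skip the 24-byte global header
    while offset + 16 <= len(data):
        _sec, _usec, incl_len, _orig_len = struct.unpack_from("<IIII", data, offset)
        offset += 16
        frame = data[offset:offset + incl_len]
        offset += incl_len
        if len(frame) < 34 or struct.unpack_from("!H", frame, 12)[0] != ETHERTYPE_IPV4:
            continue  # non-IPv4 frames cannot match the filter terms modelled here
        ihl = (frame[14] & 0x0F) * 4               # IPv4 header length in bytes
        proto = frame[14 + 9]
        src = ".".join(str(b) for b in frame[26:30])
        dst = ".".join(str(b) for b in frame[30:34])
        sport = dport = None
        if proto in (6, 17):                       # TCP and UDP both begin with src/dst port
            sport, dport = struct.unpack_from("!HH", frame, 14 + ihl)
        yield Packet(IPPROTO_NAMES.get(proto, "other"), src, dst, sport, dport)


def matches(pkt, bpf):
    """Tiny BPF subset: 'icmp' | 'tcp' | 'udp' | 'port N', combined with 'and'."""
    for term in (t.strip() for t in bpf.split(" and ")):
        if term in ("icmp", "tcp", "udp"):
            if pkt.proto != term:
                return False
        elif term.startswith("port "):
            if int(term[5:]) not in (pkt.sport, pkt.dport):
                return False
        else:
            raise ValueError(f"unsupported filter term: {term!r}")
    return True


def read_log(data, bpf="", max_packets=None):
    """Model of `snort -r <log> [-n N] ['<bpf>']`: filter first, then stop after N packets.
    Assumption: libpcap applies the BPF before Snort sees a packet, so -n counts
    packets that passed the filter rather than raw records in the file."""
    selected = (p for p in parse_pcap(data) if not bpf or matches(p, bpf))
    return list(itertools.islice(selected, max_packets))


if __name__ == "__main__":
    for expr in ("", "icmp", "tcp", "udp and port 53"):
        print(f"filter {expr!r}:", read_log(SAMPLE_LOG, expr))
```

Run it with no arguments to see which of the four sample packets each filter keeps; `read_log(SAMPLE_LOG, "tcp", max_packets=1)` shows why `-n` limits what Snort reads without hiding matching packets that appear late in the file.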
