Snort mailing list archives
alert_unified only
From: "John Byrnes" <JohnByrnes () alliantenergy com>
Date: Wed, 01 Oct 2003 11:29:18 -0500
Hello-

I've moved to barnyard for inserting events into my db, which works really slick. With that, I only include the alert_unified output module for snort.conf.

(snip from snort.conf)
output alert_unified: filename snort.alert, limit 128

In my log directory, however, I still see what looks like the alert_full module output, i.e. directories created with IP addr for the name. I would like to turn that off so I don't have to do a lot of clean up file maintenance on my sensors.

Thanks,
John B