Snort mailing list archives

2.8.1 or 2.8.2rc1: cannot configure custom output


From: Philippe Strauss <philou () philou ch>
Date: Fri, 9 May 2008 17:33:19 +0200

Hello snort users,

Using those 2 snort versions, I cannot figure out how to make the
following types of output work:

# DEFAULT in vanilla config: works
#output alert_syslog: LOG_AUTH LOG_ALERT
# DOESN'T WORK: still logs in auth
#output alert_syslog: log_local7 log_info

# DOESN'T WORK: still logs via syslog in auth
#output alert_unified: filename snort.alert, limit 128
# WORKS
#output log_unified: filename snort.log, limit 128

# DOESN'T WORK
#output unified2: filename snort.u2
#output log_unified2: filename snort.lu2
#output alert_unified: filename snort.au

# DOESN'T WORK
output alert_csv: snort.csv msg,proto,timestamp,src,srcport,dst,dstport
# WORKS
output log_unified: filename snort.lu

The rest of my config is like the example shipped in the tarball,
except for the $HOME networks list and the rules path.

What am I missing?
TIA

--
Philippe Strauss
philou () philou ch




