Snort mailing list archives
Re: Snort Ignores Filenames for alert_unified and log_unified?
From: Eoin Miller <eoin.miller () trojanedbinaries com>
Date: Wed, 18 Nov 2009 18:15:00 -0500
Figured it out, the Snort Users Manual PDF includes incorrect examples under section 2.68 - Unified:

Example

output alert_unified: snort.alert, limit 128
output log_unified: snort.log, limit 128

What you actually need to have is:

output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

Then Snort will create the filenames as you want them. The unified2 section has correct examples.

--
Eoin

Eoin Miller wrote:
> Does Snort just ignore the base filenames set for the alert_unified and log_unified options? I have tried this:
>
> ---snort.conf snip---
> output alert_unified: 00-snort.alert, limit 128
> output log_unified: 00-snort.log, limit 128
> ---snort.conf snip---
>
> And these are the filenames I get:
>
> # ls -1
> snort-unified.alert.1258491654
> snort-unified.log.1258491654
>
> Anyone have these types of issues?
>
> --
> Eoin

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
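A check for the symptom described in this thread, added here as an example and not part of the original post or of Snort: it scans snort.conf text for alert_unified / log_unified output lines whose base name is given without the filename keyword and proposes the corrected line. The function name and the sample configuration are constructed for illustration.

```python
import re

# Matches only the alert_unified / log_unified plugins named in the thread;
# "output unified2: ..." lines do not match this pattern.
OUTPUT_RE = re.compile(r"^\s*output\s+(alert_unified|log_unified)\s*:\s*(.*)$")

# Constructed snort.conf fragment (sample input, not from a real sensor).
SAMPLE_CONF = "\n".join([
    "# constructed snort.conf fragment",
    "output alert_unified: 00-snort.alert, limit 128",
    "output log_unified: filename 00-snort.log, limit 128",
    "# output log_unified: snort.log, limit 128",
    "output unified2: filename merged.log, limit 128",
])


def find_unnamed_unified_outputs(conf_text):
    """Return (line_no, plugin, suggested_line) for each unified output
    directive that passes a bare base name without the 'filename' keyword."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # ignore comments
        m = OUTPUT_RE.match(line)
        if not m:
            continue
        plugin = m.group(1)
        args = [a.strip() for a in m.group(2).split(",") if a.strip()]
        # A "filename <name>" argument is the form the thread found to work.
        if any(a.split()[0] == "filename" for a in args):
            continue
        # A single-token argument is a base name written without its keyword.
        bare = next((i for i, a in enumerate(args) if len(a.split()) == 1), None)
        if bare is None:
            continue  # nothing was named, so there is nothing to correct
        args[bare] = "filename " + args[bare]
        findings.append((line_no, plugin, f"output {plugin}: " + ", ".join(args)))
    return findings


if __name__ == "__main__":
    for line_no, plugin, fix in find_unnamed_unified_outputs(SAMPLE_CONF):
        print(f"line {line_no}: {plugin} base name lacks 'filename'; use: {fix}")
```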