Snort mailing list archives
Re: Unified logging doesn't work.
From: "Steve Crow" <scrow () amarilloheartgroup com>
Date: Wed, 11 Jun 2014 09:02:11 -0500
CentOS6.5

Sorry for the mention of sourceforge, no idea why I put that in there, I meant snort.org.

Thank you!
Steve

-----Original Message-----
From: James Lay [mailto:jlay () slave-tothe-box net]
Sent: Tuesday, June 10, 2014 5:46 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Unified logging doesn't work.

On 2014-06-10 16:43, Steve Crow wrote:
I don’t question that your command works, my question has to do with having snort start at boot. The recommended install docs at sourceforge use /etc/init.d/snortd and /etc/sysconfig/snort files. But they are not designed for unified output as far as I can tell. If I go with your command, where do I place it to have snort automatically start up at boot time?

Thanks again!
Steve
Well...I don't recognize the sysconfig file but I can tell you that:

snort --daq afpacket --daq-mode passive -i eth0:eth1

Works like a champ and creates only one unified file.

James

Currently my /etc/rc.local....but I did my own setup. This is just straight command line.

James
Ah...I understand now. What distro are you running?

James

_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!