Snort mailing list archives

snort 2.9.6.2 unified2


From: John Hally <JHally () EBSCO COM>
Date: Tue, 23 Sep 2014 01:18:21 +0000

Hi All,

I’m having an issue that I just can't figure out.

I’m trying to combine alerts and logs in unified2 format, for which I have the following in my snort.conf file:

output unified2: filename snort.log, limit 128, nostamp

The issue is when I try to get barnyard2 to process the file.  It seems that if I run snort like the following,
barnyard2 reports that it's waiting for a spool file:

/usr/local/bin/snort -D -i eth1 -u snort -g snort -c /etc/snort/etc/snort.conf

And barnyard2 never finds the snort.log file that is created.


BUT if I run snort this way:

/usr/local/bin/snort -A full -D -i eth1 -u snort -g snort -c /etc/snort/etc/snort.conf

barnyard2 finds the snort.log.##### filename that gets created, but I think the file format isn't correct.

Sorry if this is more of a barnyard2 issue than snort

Thanks!

John
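Added check for the two symptoms described above (a spool file barnyard2 never picks up, and a stamped file whose format looks wrong). This is not John's code and not part of Snort or barnyard2. It assumes barnyard2 in continual mode (-d DIR -f BASE) only opens files named BASE.<unix timestamp>, that a unified2 file begins with a big-endian (record type, record length) header using the type codes from Snort's Unified2_common.h, and that a pcap file begins with one of the libpcap magic numbers. The sample spool directory it builds is constructed for the demo.

```python
"""Look at a Snort spool directory the way barnyard2 will look at it.

Assumptions (not taken from the post): barnyard2 continual mode scans for
BASE.<digits> only; unified2 records start with a big-endian type/length
pair; pcap files start with a libpcap magic number.
"""
import os
import re
import struct
import tempfile

# libpcap magic numbers: microsecond/nanosecond resolution, either byte order.
PCAP_MAGICS = {b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1",
               b"\xa1\xb2\x3c\x4d", b"\x4d\x3c\xb2\xa1"}
# Unified2 record types (EVENT, PACKET, IDS_EVENT, IDS_EVENT_IPV6, MPLS/VLAN
# variants, EXTRA_DATA) as defined in Snort's Unified2_common.h.
UNIFIED2_TYPES = {1, 2, 7, 72, 99, 100, 104, 105, 110}


def sniff_format(head):
    """Classify the first bytes of a log file as 'pcap', 'unified2' or 'unknown'."""
    if head[:4] in PCAP_MAGICS:
        return "pcap"
    if len(head) >= 8:
        rtype, rlen = struct.unpack(">II", head[:8])
        if rtype in UNIFIED2_TYPES and 0 < rlen <= 65535:
            return "unified2"
    return "unknown"


def classify_spool(directory, base):
    """Return {filename: (naming, fmt)} for files barnyard2 might care about.

    naming is 'stamped' for BASE.<digits> (what barnyard2 scans for) or
    'nostamp' for a file named exactly BASE (what 'nostamp' produces).
    """
    stamped = re.compile(r"^%s\.(\d+)$" % re.escape(base))
    result = {}
    for name in sorted(os.listdir(directory)):
        if name == base:
            naming = "nostamp"
        elif stamped.match(name):
            naming = "stamped"
        else:
            continue  # e.g. snort.log.gz: not a spool file either way
        with open(os.path.join(directory, name), "rb") as f:
            result[name] = (naming, sniff_format(f.read(8)))
    return result


def diagnose(directory, base):
    """One line per spool file saying whether barnyard2 can consume it."""
    lines = []
    for name, (naming, fmt) in classify_spool(directory, base).items():
        if naming == "stamped" and fmt == "unified2":
            verdict = "OK: barnyard2 will spool this"
        elif naming == "nostamp":
            verdict = "SKIPPED: no timestamp suffix, barnyard2 only matches %s.<ts>" % base
        else:
            verdict = "WRONG FORMAT: %s, not unified2" % fmt
        lines.append("%s [%s/%s] %s" % (name, naming, fmt, verdict))
    return lines


def demo():
    """Build a constructed spool directory covering all three cases."""
    d = tempfile.mkdtemp()
    u2_event = struct.pack(">II", 7, 52) + b"\x00" * 52  # IDS_EVENT header + body
    # Case 1: 'nostamp' output, valid unified2 but no suffix for barnyard2 to match.
    with open(os.path.join(d, "snort.log"), "wb") as f:
        f.write(u2_event)
    # Case 2: stamped file that holds a pcap capture instead of unified2.
    with open(os.path.join(d, "snort.log.1411434000"), "wb") as f:
        f.write(b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1))
    # Case 3: stamped unified2 file, the combination barnyard2 expects.
    with open(os.path.join(d, "snort.log.1411434060"), "wb") as f:
        f.write(u2_event)
    return classify_spool(d, "snort.log"), diagnose(d, "snort.log")


if __name__ == "__main__":
    for line in demo()[1]:
        print(line)
```

Point it at the real spool directory with classify_spool("/var/log/snort", "snort.log") to see which of the two conditions applies to a given snort.log file before changing the output line or the barnyard2 command.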
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!
