Snort mailing list archives

Demand of snort output


From: XSign <evilsign () gmail com>
Date: Thu, 13 Nov 2014 10:49:27 +0800

Hi there,
    I'm new to Snort ...
    Nowadays I have a demand which I cannot figure out...
    I have a PF_RING & DNA ethernet interface with snort & barnyard. My
snort.conf output section is like this:
    output unified2: filename merged.log, limit 128, mpls_event_types, vlan_event_types
    output log_tcpdump: tcpdump.log
    Both merged.log and tcpdump.log only save items which hit rules
in snort.conf. But my demand is to output logs which hit rules in
snort.conf to merged.log, while outputting all traffic to tcpdump.log
with a file size limit.
    Is there a possible way I can do that?