Snort mailing list archives
Demand of snort output
From: XSign <evilsign () gmail com>
Date: Thu, 13 Nov 2014 10:49:27 +0800
Hi there,

I'm a new guy to Snort ... nowadays I have a demand which I cannot figure out...

I have a PF_RING & DNA ethernet interface with snort & barnyard. My snort.conf output section is like this:

    output unified2: filename merged.log, limit 128, mpls_event_types, vlan_event_types
    output log_tcpdump: tcpdump.log

Both merged.log and tcpdump.log only save items which hit rules in snort.conf. But my demand is: output logs to merged.log for items which hit rules in snort.conf, while outputting all traffic to tcpdump.log with a file size limit.

Is there a possible way I can do that?
Current thread:
- Demand of snort output XSign (Nov 12)