Snort mailing list archives
Unified2 Output
From: Jim Campbell <jim () w4bqp net>
Date: Sat, 15 Jul 2017 20:01:15 -0400
In my day-to-day use of Snort 3 I need for it to output its results in Unified2 format. Experimenting, I came upon something that isn't working for me. It may be a configuration issue that I don't yet understand.
If I run "sudo /opt/snort/bin/snort -r ./pcaps/ie_aurora_WinXP_successfulExploitation.pcap -L dump" everything works OK.
If I run "sudo /opt/snort/bin/snort -r ./pcaps/ie_aurora_WinXP_successfulExploitation.pcap -A unified2" it writes a "unified2.log.nnnnn" file in the default directory but the length is zero.
What am I doing wrong / leaving out? Thanks, Jim -- "We are not human beings having a spiritual experience; we are spiritual beings having a human experience." ---Pierre Teilhard de Chardin _______________________________________________ Snort-users mailing list Snort-users () lists snort org Go to this URL to change user options or unsubscribe: https://lists.snort.org/mailman/listinfo/snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Unified2 Output Jim Campbell (Jul 15)
- Re: Unified2 Output Al Lewis (allewi) via Snort-users (Jul 15)
- <Possible follow-ups>
- Re: Unified2 Output Jim Campbell (Jul 15)
- Re: Unified2 Output Marcin Dulak via Snort-users (Jul 15)
- Re: Unified2 Output Jim Campbell (Jul 16)
- Re: Unified2 Output Marcin Dulak via Snort-users (Jul 16)
- Re: Unified2 Output Marcin Dulak via Snort-users (Jul 15)