Re: snort-1.8.7 and alert file

[<bthaler () webstream net>]

OK.  Now my snort.conf has this:

output log_null
output log_unified: filename snort.log, limit 128

And logging is back, but so is the alert file.  Sorry if I'm missing something really basic here.

As far as my network utilization, I'm using about 30Mbit of a 45Mbit pipe.





Regards,

Brad T. 




----- Original Message ----- 
From: "Erek Adams" <erek () theadamsfamily net>
To: <bthaler () webstream net>
Cc: <snort-users () lists sourceforge net>
Sent: Tuesday, July 30, 2002 10:33 AM
Subject: Re: [Snort-users] snort-1.8.7 and alert file


> On Tue, 30 Jul 2002 bthaler () webstream net wrote:
>
> > OK.  I missed that one, thanks.
>
> No problem.
>
> > Now, since my command-line "-N" is overriding my snort.conf's "output
> > log_unified", I'm getting no logging at all.
> >
> > How do I either specify spo_unified on the command-line, or specify the "-N"
> > in snort.conf?
>
> Easy enough:
>
>   http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.12
>
> > (Strangely, I'm getting 30% packet loss now.....interesting)
>
> Hrm...  How much pipe, and how much utilization are you getting?
>
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net



-------------------------------------------------------
This sf.net email is sponsored by: Dice - The leading online job board
for high-tech professionals. Search and apply for tech jobs today!
http://seeker.dice.com/seeker.epl?rel_code=31
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users