Snort mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Using ACID AND SnortSnarf - How?

From: Ralf Spenneberg <lists () spenneberg org>
Date: 12 Dec 2003 14:27:31 +0100
Am Don, 2003-12-11 um 22.14 schrieb Ralf Henze :

1. /usr/local/bin/snort -i ppp0 -i eth1 -i eth0 -c /etc/snort/snort.conf  -l /var/log/snort/  \
    -A full -u ids -g ids -o -D 

output alert_unified: filename /var/log/snarf/alert, limit 128
output log_unified: filename /var/log/snarf/snort.log, limit 128


Last time I looked, Snort disabled all output-plugins defined in the
configuration file when I used -A on the command line. Define the 
full alert output plugin in your configuration file and not on the
commandline and you should be fine.

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: VPN mit Linux
Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto                                  http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org


-------------------------------------------------------
This SF.net email is sponsored by: IBM Linux Tutorials.
Become an expert in LINUX or just sharpen your skills.  Sign up for IBM's
Free Linux Tutorials.  Learn everything from the bash shell to sys admin.
Click now! http://ads.osdn.com/?ad_id78&alloc_id371&op=click
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
Previous By Date Next
Previous By Thread Next

Current thread: