Snort mailing list archives
Re: Using ACID AND SnortSnarf - How?
From: Ralf Spenneberg <lists () spenneberg org>
Date: 12 Dec 2003 14:27:31 +0100
On Thu, 2003-12-11 at 22:14, Ralf Henze wrote:
> 1. /usr/local/bin/snort -i ppp0 -i eth1 -i eth0 -c /etc/snort/snort.conf -l /var/log/snort/ \
>    -A full -u ids -g ids -o -D
>
> output alert_unified: filename /var/log/snarf/alert, limit 128
> output log_unified: filename /var/log/snarf/snort.log, limit 128
Last time I looked, Snort disabled all output-plugins defined in the configuration file when I used -A on the command line. Define the full alert output plugin in your configuration file and not on the command line and you should be fine.

Cheers,

Ralf

--
Ralf Spenneberg
RHCE, RHCX

Book: VPN mit Linux
Book: Intrusion Detection für Linux Server
http://www.spenneberg.com
IPsec-Howto http://www.ipsec-howto.org
Honeynet Project Mirror: http://honeynet.spenneberg.org
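Added example, not part of the original message or of Snort itself: a POSIX shell check that flags a start command combining `-A` with `output` plugins in snort.conf, the conflict the reply describes. The function names and the sample configuration are constructed for illustration; `output alert_full: alert` is the configuration-file counterpart of `-A full`.

```shell
#!/bin/sh
# Added example: detect a Snort start command whose -A switch would
# sideline the "output" plugins configured in snort.conf.

# uses_cli_alert_mode "<command line>": succeeds if -A is among the options.
uses_cli_alert_mode() {
    for word in $1; do
        case "$word" in
            -A|-A?*) return 0 ;;   # "-A full" or "-Afull"
        esac
    done
    return 1
}

# conf_output_plugins <snort.conf>: print the names of uncommented output plugins.
conf_output_plugins() {
    sed -n 's/^[[:space:]]*output[[:space:]]\{1,\}\([A-Za-z0-9_]*\).*/\1/p' "$1"
}

# check_snort_outputs "<command line>" <snort.conf>
# Returns 1 and lists the affected plugins when -A meets configured outputs.
check_snort_outputs() {
    plugins=$(conf_output_plugins "$2")
    if uses_cli_alert_mode "$1" && [ -n "$plugins" ]; then
        echo "WARNING: -A given on the command line; configured outputs at risk:" >&2
        echo "$plugins" | sed 's/^/  /' >&2
        return 1
    fi
    return 0
}

# Constructed sample: the two unified outputs from the thread plus
# alert_full, which takes over the job of "-A full".
demo_conf=$(mktemp)
cat > "$demo_conf" <<'EOF'
output alert_full: alert
output alert_unified: filename /var/log/snarf/alert, limit 128
output log_unified: filename /var/log/snarf/snort.log, limit 128
EOF

# Before: -A full on the command line conflicts with the config outputs.
check_snort_outputs "snort -i eth0 -c /etc/snort/snort.conf -A full -D" "$demo_conf" \
    || echo "before: conflict, move the alert mode into snort.conf"
# After: same command without -A; all three outputs stay active.
check_snort_outputs "snort -i eth0 -c /etc/snort/snort.conf -D" "$demo_conf" \
    && echo "after: ok"
rm -f "$demo_conf"
```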