Snort mailing list archives

Re: Snort Ignores Filenames for alert_unified and log_unified?


From: Eoin Miller <eoin.miller () trojanedbinaries com>
Date: Wed, 18 Nov 2009 18:15:00 -0500

Figured it out: the Snort Users Manual PDF includes incorrect examples 
under section 2.68 - Unified:

Example
output alert_unified: snort.alert, limit 128
output log_unified: snort.log, limit 128

What you actually need to have is:

output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

Then Snort will create the filenames as you want them. The unified2 
section has correct examples.

-- Eoin

Eoin Miller wrote:
Does Snort just ignore the base filenames set for the alert_unified and
log_unified options? I have tried this:

---snort.conf snip---
output alert_unified: 00-snort.alert, limit 128
output log_unified: 00-snort.log, limit 128
---snort.conf snip---

And these are the filenames I get:
# ls -1
snort-unified.alert.1258491654
snort-unified.log.1258491654

Anyone have these types of issues?

-- Eoin


_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users
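
A small lint for the mistake described in this thread, as an added example that is not part of the original messages or of Snort itself: it flags alert_unified and log_unified output lines whose base name is given without the filename keyword. The function name and the sample configuration are constructed for illustration.

```python
import re

# Output plugins named in the thread; per the corrected lines, the base name
# must be introduced by the "filename" keyword.
UNIFIED_PLUGINS = {"alert_unified", "log_unified"}
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*(.*)$")

# Constructed sample built from the lines quoted in the thread.
SAMPLE_CONF = """\
# snort.conf excerpt (constructed)
output alert_unified: 00-snort.alert, limit 128
output log_unified: filename 00-snort.log, limit 128
# output log_unified: snort.log, limit 128
"""


def find_unkeyed_filenames(conf_text):
    """Return (line_no, plugin, bare_value) for each unified output line
    whose base name is not introduced by the 'filename' keyword."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0]  # ignore comments
        m = OUTPUT_RE.match(line)
        if not m or m.group(1) not in UNIFIED_PLUGINS:
            continue
        plugin, arg_text = m.groups()
        # Arguments are comma-separated "keyword value" pairs.
        args = [a.split() for a in arg_text.split(",") if a.strip()]
        if any(a[0] == "filename" and len(a) == 2 for a in args):
            continue  # base name is correctly keyed
        bare = [a[0] for a in args if len(a) == 1]
        if bare:
            findings.append((line_no, plugin, bare[0]))
    return findings


if __name__ == "__main__":
    for line_no, plugin, value in find_unkeyed_filenames(SAMPLE_CONF):
        print(f"line {line_no}: {plugin}: write 'filename {value}' "
              f"instead of bare '{value}'")
```
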
