Re: Unable to configure unified2 output

[Mike Lococo <mikelococo () gmail com>]

Nick,

> > I recently attempted to migrate to merged alert/log unified2 output
> > using the following config:
>
> I would recommend simply using the unified2 logger and then creating all
> of your output from Barnyard2. The whole reason that the unified output
> was created was to fork off most of the output processes so that Snort
> could process packets faster.
>
> If you read through the barnyard2.conf file in the installed code,
> you'll find lots of output options there.

Thanks for your response, but I think I might have been unclear in my 
original post.  I'm _trying_ to configure unified2 per the instructions 
in the barnyard2 docs, and it's not working (I get the default 
log_tcpdump behavior instead, as though I had no output module configured).

I'm not actually trying to get log_unified2 or log_unified output at 
all... I only documented those tests to demonstrate that the rest of my 
snort infrastructure is functional, because they both behave as expected.

Thanks,
Mike Lococo

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users