Re: Unable to configure unified2 output

[Mike Lococo <mikelococo () gmail com>]

> >     sudo /usr/local/bin/snort -m 007 -A none -d -i dag1:0 -u snort \
> >     -g snort -c /etc/snort/snort0.conf -l /var/log/snort/dag1:0 \
> >     -F /etc/snort/snort.bpf
>
> Lose the -A none

That fixes it... and makes me feel fairly silly to boot.  Thanks so much.

I had tested various values of -A, but hadn't thought to omit it 
entirely.  I was also under the mistaken impression that -A controlled a 
different output facility that was unrelated to conf-file output 
modules... which clearly isn't the case.

Given the variety of ways to configure output, it might be nice if snort 
echoed some of its thought process during startup along with the 
"Initializing Output Plugins!" message.

Best regards,
Mike Lococo

------------------------------------------------------------------------------
Download Intel® Parallel Studio Eval
Try the new software tools for yourself. Speed compiling, find bugs
proactively, and fine-tune applications for parallel performance.
See why Intel Parallel Studio got high marks during beta.
http://p.sf.net/sfu/intel-sw-dev
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://www.geocrawler.com/redir-sf.php3?list=snort-users