Snort mailing list archives
Re: Snort + Barnyard + alert file
From: Russell Fulton <r.fulton () auckland ac nz>
Date: Mon, 10 May 2010 09:33:51 +1200
On 8/05/2010, at 2:24 PM, Vipul M Sawant wrote:
Hi Fábio

You can specify unified output option in /etc/snort/snort.conf to create unified files.
For example:

output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

Add these lines to snort.conf.
Start barnyard with options -l /var/log/snort and -f snort.alert

Also be aware that the -A command line flag affects this too. I recently changed from unified to unified2 and spent a couple of days tearing my hair out getting it working. The problem was a '-A none' on the command line, which was necessary with unified but broke the unified2, stopping it from generating alerts.

Russell
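
Added example, not part of the original thread and not code from Snort or Barnyard: a pre-flight check for the combination described in the messages above, a unified2 output plugin used together with '-A none', plus a check that some unified output exists for barnyard to read. The snort.conf fragment and command line are constructed samples, the function names are hypothetical, and `output unified2` is the Snort 2.x directive, which the thread names but does not show.

```python
import re
import shlex

# Constructed sample inputs (not taken from the thread).
SAMPLE_CONF = """\
# constructed snort.conf fragment
var HOME_NET any
output unified2: filename snort.log, limit 128
# output alert_unified: filename snort.alert, limit 128
"""
SAMPLE_CMDLINE = "snort -c /etc/snort/snort.conf -l /var/log/snort -A none -D"

OUTPUT_RE = re.compile(r"^\s*output\s+([A-Za-z0-9_]+)\s*(?::\s*(.*))?$")


def output_plugins(conf_text):
    """Return [(plugin, args)] for every uncommented 'output' directive."""
    found = []
    for line in conf_text.splitlines():
        line = line.split("#", 1)[0].rstrip()  # drop comments
        m = OUTPUT_RE.match(line)
        if m:
            found.append((m.group(1).lower(), (m.group(2) or "").strip()))
    return found


def alert_mode(cmdline):
    """Return the value passed to -A ('-A none' or '-Anone'), else None."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg == "-A" and i + 1 < len(args):
            return args[i + 1].lower()
        if arg.startswith("-A") and len(arg) > 2:
            return arg[2:].lower()
    return None


def check(conf_text, cmdline):
    """Return warnings for the pitfalls raised in the thread."""
    plugins = [name for name, _ in output_plugins(conf_text)]
    warnings = []
    if alert_mode(cmdline) == "none" and any(p.endswith("unified2") for p in plugins):
        warnings.append("'-A none' with a unified2 output: reported in the "
                        "thread to stop alerts being generated")
    if not any("unified" in p for p in plugins):
        warnings.append("no unified/unified2 output: barnyard has no file to read")
    return warnings


if __name__ == "__main__":
    for w in check(SAMPLE_CONF, SAMPLE_CMDLINE):
        print("WARNING:", w)
```
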