Re: snort, barnyard, and base

[beenph <beenph () gmail com>]

On Wed, May 29, 2013 at 7:55 PM, waldo kitty <wkitty42 () windstream net> wrote:
> On 5/29/2013 13:26, beenph wrote:
> > remove -b  from snort command line, this is binary logging and will
> > overwride your snort.conf output unified2 configuration.
> >
> > Binary logging will output log in pcap format.
>
> erk! is there no way to retain the default binary logging and have unified2 as
> well? is the answer simply to define both in the conf and forego the command
> line options?
output tcpdump: xxxxx
output unified2: xxxxxx


So yes and use different file prefix, but at this point, the packets
triggered from events and
tagged packets are in the unified2 file if you use output unified2.

You can also allways uses the tool that come with snort source called
u2boat to create pcap files from unified2 files.


-elz

------------------------------------------------------------------------------
Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
http://p.sf.net/sfu/appdyn_d2d_ap1
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!