Snort mailing list archives

Re: Not getting unified2 output


From: beenph <beenph () gmail com>
Date: Mon, 22 Jul 2013 12:26:49 -0400

Remove -A fast and -b from your snort command line.

-elz


On Mon, Jul 22, 2013 at 12:14 PM, mulhern <mulhern () gmail com> wrote:
Hi all,

My snort.conf file is set up for unified output.

My sysconfig file specifies a lot of things, resulting in an invocation of the
snort init script with the following options

-A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l
/var/log/snort/eth0

I've set snort.conf with line

output unified2: filename merged.log, limit 128

I've set up a local-test.rules file that alerts on everything.

I cannot find the merged.log file anywhere. I can find a snort.log which is
filling up with all sorts of data in tcpdump format, due to the -b flag.
There's also an alert file which is filling up with text, due to the -A fast
option.

But where should I be looking for unified2 output?

Thanks!

- mulhern

------------------------------------------------------------------------------
See everything from the browser to the database with AppDynamics
Get end-to-end visibility with application monitoring from AppDynamics
Isolate bottlenecks and diagnose root cause in seconds.
Start your free trial of AppDynamics Pro today!
http://pubads.g.doubleclick.net/gampad/clk?id=48808831&iu=/4140/ostg.clktrk
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort
news!
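To turn the advice in this reply into a repeatable check, here is an added example (not from the thread or from the Snort project) that flags a command line carrying -A or -b while snort.conf declares an output unified2 module, and prints the option string with those flags stripped. It assumes only the flag names and the snort.conf line shown in the thread; the conf file used in the demo is constructed.

```shell
#!/bin/sh
# Added example: audit a Snort 2.x option string against snort.conf for the
# -A/-b versus "output unified2" conflict discussed in the thread.

# Print the option string with "-A <mode>" and "-b" removed.
strip_override_flags() {
    out=""
    skip=0
    for tok in $*; do
        if [ "$skip" -eq 1 ]; then skip=0; continue; fi
        case "$tok" in
            -A) skip=1 ;;          # drop -A and its mode argument (e.g. fast)
            -b) ;;                 # drop -b (tcpdump-format packet logging)
            *)  out="$out $tok" ;;
        esac
    done
    printf '%s\n' "${out# }"
}

# Return 0 (true) when snort.conf configures unified2 output AND the option
# string carries -A or -b, which the thread says override it; 1 otherwise.
has_output_conflict() {
    conf="$1"; shift
    grep -Eq '^[[:space:]]*output[[:space:]]+unified2' "$conf" || return 1
    for tok in $*; do
        case "$tok" in
            -A|-b) return 0 ;;
        esac
    done
    return 1
}

# Demo on the option string from the thread and a constructed snort.conf.
demo_conf=$(mktemp)
printf 'output unified2: filename merged.log, limit 128\n' > "$demo_conf"
demo_opts="-A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort/eth0"
if has_output_conflict "$demo_conf" $demo_opts; then
    echo "conflict: -A/-b on the command line override 'output unified2' in snort.conf"
    echo "suggested: snort $(strip_override_flags $demo_opts)"
fi
rm -f "$demo_conf"
```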
