Snort mailing list archives

Re: Unified logging doesn't work.


From: James Lay <jlay () slave-tothe-box net>
Date: Tue, 10 Jun 2014 16:46:17 -0600

On 2014-06-10 16:43, Steve Crow wrote:
I don’t question that your command works, my question has to do with
having snort start at boot. The recommended install docs at
sourceforge use /etc/init.d/snortd and /etc/sysconfig/snort files. But
they are not designed for unified output as far as I can tell.

If I go with your command, where do I place it to have snort
automatically start up at boot time?

Thanks again!

Steve


Well...I don't recognize the sysconfig file but I can tell you that:

snort --daq afpacket --daq-mode passive -i eth0:eth1

Works like a champ and creates only one unified file.

James

Currently my /etc/rc.local....but I did my own setup. This is just
straight command line.

James

Ah...I understand now.  What distro are you running?

James
