Snort mailing list archives

Re: snort - unified2 format


From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Wed, 11 Jun 2014 14:44:47 +0000

You have "-A fast -b" on the command line.  This overrides your output directive in the snort.conf

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

On Jun 11, 2014, at 10:30 AM, Michael Mittentag <michael.mittentag () gmail com> wrote:

I am running the latest version of snort

snort-2.9.6.1-1.x86_64

in /etc/snort/snort.conf


I added this and commented out the other lines:

output unified2: filename snort.u2, limit 128


if I try to start snort using the /etc/init.d/snortd script it runs it as:


/usr/sbin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort


and I never see those snort u2 files instead I see:

/var/log/snort/snort.log.xxxxxxxxxxx


and barnyard2 seems to have an issue with reading those files.


If I manually run snort from (/usr/sbin/snort -c /etc/snort/snort.conf) without any options it then creates the right
file type /var/log/snort/snort.u2.xxxxxxxx


It is almost like it is not reading /etc/snort/snort.conf?

If anyone has any ideas that would be great.


Thanks



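As an added illustration of the answer above (example code written for this archive page, not from the Snort project or from either poster): `-b` on the Snort command line logs packets in tcpdump (libpcap) format, which is why the files are named snort.log.* and why barnyard2, which expects unified2 records, cannot read them. The script below looks at the first bytes of a log file to tell the two formats apart and walks a unified2 spool record by record, the way a reader like barnyard2 has to. The record layouts follow Snort's Unified2_common.h (type 104 IDS_EVENT_VLAN, which Snort 2.9.x writes by default, and type 2 PACKET); the sample bytes at the bottom are constructed for the example, not real Snort output.

```python
"""Tell a 'snort -b' tcpdump-format file (snort.log.<ts>) from a unified2
spool file (snort.u2.<ts>) and walk the unified2 records.
Added example for the archive page; sample bytes are constructed."""
import struct

# libpcap file magic as read big-endian from the first four bytes:
# native and byte-swapped, microsecond and nanosecond variants.
PCAP_MAGICS = {0xa1b2c3d4, 0xd4c3b2a1, 0xa1b23c4d, 0x4d3cb2a1}

# unified2 record types (Snort Unified2_common.h)
U2_TYPES = {2: "PACKET", 7: "IDS_EVENT", 72: "IDS_EVENT_IPV6",
            104: "IDS_EVENT_VLAN", 105: "IDS_EVENT_IPV6_VLAN", 110: "EXTRA_DATA"}

# Unified2IDSEvent (type 104): 11 x u32, 2 x u16, 4 x u8, u32 mpls, u16 vlan, u16 pad
IDS_EVENT_FMT = ">11I2H4BIHH"
IDS_EVENT_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
                    "signature_id", "generator_id", "signature_revision",
                    "classification_id", "priority_id", "ip_source",
                    "ip_destination", "sport_itype", "dport_icode", "protocol",
                    "impact_flag", "impact", "blocked", "mpls_label", "vlan_id", "pad2")

# Serial_Unified2Packet (type 2): 7 x u32 followed by packet_length bytes of packet
PACKET_FMT = ">7I"
PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
                 "packet_microsecond", "linktype", "packet_length")


def classify(data):
    """Return 'pcap', 'unified2' or 'unknown' for the start of a log file."""
    if len(data) >= 4 and struct.unpack(">I", data[:4])[0] in PCAP_MAGICS:
        return "pcap"
    if len(data) >= 8:
        rtype, rlen = struct.unpack(">II", data[:8])   # unified2 record header
        if rtype in U2_TYPES and rlen <= len(data) - 8:
            return "unified2"
    return "unknown"


def iter_unified2(data):
    """Yield (type, body) for each complete record; stop at a truncated tail."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack(">II", data[off:off + 8])
        body = data[off + 8:off + 8 + rlen]
        if len(body) < rlen:        # spool still being written, or corrupt
            break
        yield rtype, body
        off += 8 + rlen


def parse_ids_event(body):
    """Decode a type-104 event body into a dict of its fixed fields."""
    size = struct.calcsize(IDS_EVENT_FMT)
    return dict(zip(IDS_EVENT_FIELDS, struct.unpack(IDS_EVENT_FMT, body[:size])))


def parse_packet(body):
    """Decode a type-2 packet body; 'packet' holds the raw captured bytes."""
    rec = dict(zip(PACKET_FIELDS, struct.unpack(PACKET_FMT, body[:28])))
    rec["packet"] = body[28:28 + rec["packet_length"]]
    return rec


def summarize(data):
    """Count complete records per type, what a unified2 reader would see."""
    counts = {}
    for rtype, _ in iter_unified2(data):
        name = U2_TYPES.get(rtype, "type_%d" % rtype)
        counts[name] = counts.get(name, 0) + 1
    return counts


# ---- constructed samples (not real Snort output) ----
# 24-byte libpcap global header as a little-endian host writes it.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xa1b2c3d4, 2, 4, 0, 0, 65535, 1)


def _u2_record(rtype, body):
    return struct.pack(">II", rtype, len(body)) + body


_event_body = struct.pack(IDS_EVENT_FMT, 1, 7, 1402497047, 0, 1000001, 1, 1, 3, 2,
                          0xc0a80001, 0xc0a80002, 40000, 80, 6, 0, 0, 0, 0, 0, 0)
_packet_body = (struct.pack(PACKET_FMT, 1, 7, 1402497047, 1402497047, 0, 1, 4)
                + b"\xde\xad\xbe\xef")
SAMPLE_U2 = _u2_record(104, _event_body) + _u2_record(2, _packet_body)

if __name__ == "__main__":
    print("snort.log-style sample:", classify(SAMPLE_PCAP))
    print("snort.u2-style sample: ", classify(SAMPLE_U2), summarize(SAMPLE_U2))
```

Pointing `classify()` at the first few hundred bytes of the file in /var/log/snort confirms which output path was taken before touching barnyard2. The truncation check in `iter_unified2()` matters on a live spool: Snort may still be appending the last record, so a reader has to stop at the partial tail and resume later rather than treat it as a broken file.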

------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems
Open Source. Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

