Snort mailing list archives
Re: Unified logging doesn't work.
From: James Lay <jlay () slave-tothe-box net>
Date: Wed, 11 Jun 2014 13:05:38 -0600
On Wed, 2014-06-11 at 09:02 -0500, Steve Crow wrote:
> CentOS6.5
>
> Sorry for the mention of sourceforge, no idea why I put that in there, I meant snort.org.
>
> Thank you!
> Steve
>
> -----Original Message-----
> From: James Lay [mailto:jlay () slave-tothe-box net]
> Sent: Tuesday, June 10, 2014 5:46 PM
> To: snort-users () lists sourceforge net
> Subject: Re: [Snort-users] Unified logging doesn't work.
>
> On 2014-06-10 16:43, Steve Crow wrote:
>
> I don’t question that your command works, my question has to do with having snort start at boot. The recommended install docs at sourceforge use /etc/init.d/snortd and /etc/sysconfig/snort files. But they are not designed for unified output as far as I can tell. If I go with your command, where do I place it to have snort automatically start up at boot time?
>
> Thanks again!
> Steve
>
> Well...I don't recognize the sysconfig file but I can tell you that:
>
> snort --daq afpacket --daq-mode passive -i eth0:eth1
>
> Works like a champ and creates only one unified file.
> James
>
> Currently my /etc/rc.local....but I did my own setup. This is just straight command line.
> James
>
> Ah...I understand now. What distro are you running?
> James

Ah....I am not familiar with CentOS....certain somebody here has an idea :)

James