Snort mailing list archives
Re: output config
From: "Carter Waxman (cwaxman)" <cwaxman () cisco com>
Date: Tue, 16 Jun 2015 13:37:29 +0000
Right. Specifying an output plugin on the command line enables the one specified and disables any plugin you have enabled in your config. Try removing -A fast. On 6/16/15, 6:13 AM, "Laszlo Toth" <laszlo.toth () linguamatics com> wrote:
Hi Carter, -A fast is already specified. The snort command running is /usr/sbin/snort -A fast -b -d -D -i br0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort Thanks, Laszlo Monday, June 15, 2015, 11:46:20 AM, you wrote:³-A fast² will override the configured output plugin.Thanks, CarterOn 6/12/15, 6:38 AM, "Laszlo Toth" <laszlo.toth () linguamatics com> wrote:Hi, I'm trying to change the way how snort logs the alerts but it looks like my changes are being ignored. The corresponding entries in snort.conf: output alert_unified2: filename alert, limit 12800, nostamp output alert_unified2: filename alert_test, limit 5, nostamp The result is still the default behaviour. Alert is rotated after 128MB written and nothing is logged to alert_test. The snort command is /usr/sbin/snort -A fast -b -d -D -i br0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort What am I missing? Thanks, Laszlo ------------------------------------------------------------------------ -- ---- _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
------------------------------------------------------------------------------ _______________________________________________ Snort-users mailing list Snort-users () lists sourceforge net Go to this URL to change user options or unsubscribe: https://lists.sourceforge.net/lists/listinfo/snort-users Snort-users list archive: http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- output config Laszlo Toth (Jun 12)
- Re: output config Carter Waxman (cwaxman) (Jun 15)
- Re: output config Laszlo Toth (Jun 16)
- Re: output config Carter Waxman (cwaxman) (Jun 16)
- Re: output config Laszlo Toth (Jun 16)
- Re: output config Laszlo Toth (Jun 16)
- Re: output config Carter Waxman (cwaxman) (Jun 15)