Snort mailing list archives

Re: Problem with unified2 files


From: wkitty42 () windstream net
Date: Thu, 10 May 2018 10:32:29 -0400

On 05/07/2018 10:57 PM, joseph m via Snort-users wrote:
> I have noticed that the unified2 files are zero length


if those log files are zero length then at least one of several things is wrong...

1. your log config section in your conf file... please post it so we can see what you are trying to work with...

2. your command line may be overriding your conf file settings... please post it so we can see what you are trying to work with... IF your command is executing a script, please post or point us to that script so we can see what it is doing... some scripts force some options...

3. your snort may not be seeing any traffic... are you using "-k none" on your command line? give it a try and remember the script comment above... you can see if your snort is seeing any traffic by looking at the stats it logs when you shut it down... so find your snort log file... on linux, you would generally look in /var/log/messages and grep out the snort lines ("snort\[.*\]:")...


we can start there and see what others may offer...

--
 NOTE: No off-list assistance is given without prior approval.
       *Please keep mailing list traffic on the list unless*
       *a signed and pre-paid contract is in effect with us.*
_______________________________________________
Snort-users mailing list
Snort-users () lists snort org
Go to this URL to change user options or unsubscribe:
https://lists.snort.org/mailman/listinfo/snort-users

Please visit http://blog.snort.org to stay current on all the latest Snort news!

Please follow these rules: https://snort.org/faq/what-is-the-mailing-list-etiquette
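The two checks the reply points at (does snort report having analyzed any packets at shutdown, and which unified2 files in the log directory are empty), as an added shell example that is not part of the original post or of the Snort project: it greps the `snort[PID]:` lines out of a syslog file, pulls the counters from the "Packet I/O Totals" block Snort 2.x prints when it exits, and lists zero-length files matching the unified2 filename prefix. The sample syslog lines are constructed, and the `snort.log.` prefix is an assumption taken from the common `output unified2: filename snort.log` setting; pass the prefix from your own conf as the second argument if it differs.

```shell
#!/bin/sh
# Added example, not the list author's or Snort's own code.
# Assumes Snort 2.x syslog lines of the form "snort[PID]: ..." and the
# "Packet I/O Totals" block (Received/Analyzed/Dropped...) logged at shutdown.

# Print counter NAME (Received, Analyzed, Dropped, ...) from the most recent
# snort shutdown block in syslog file $1; prints 0 if no such line exists.
snort_counter() {
    logfile="$1"; name="$2"
    val=$(grep -E 'snort\[[0-9]+\]:' "$logfile" \
        | grep -E "[[:space:]]${name}:[[:space:]]+[0-9]+" \
        | tail -n 1 \
        | sed -E "s/.*${name}:[[:space:]]+([0-9]+).*/\1/")
    echo "${val:-0}"
}

# Succeed (exit 0) only if snort analyzed at least one packet.
snort_saw_traffic() {
    analyzed=$(snort_counter "$1" Analyzed)
    [ "$analyzed" -gt 0 ]
}

# List zero-length unified2 files directly under log dir $1. The filename
# prefix ($2, default "snort.log.") is assumed; match it to the "filename"
# in your "output unified2:" line.
empty_unified2_files() {
    find "$1" -maxdepth 1 -name "${2:-snort.log.}*" -type f -size 0 2>/dev/null | sort
}

# --- constructed sample input (not a real sensor's log) ---------------------
demo() {
    tmp=$(mktemp -d)
    cat > "$tmp/messages" <<'EOF'
May 10 10:31:58 sensor snort[4242]: Packet I/O Totals:
May 10 10:31:58 sensor snort[4242]:    Received:            0
May 10 10:31:58 sensor snort[4242]:    Analyzed:            0 (  0.000%)
May 10 10:31:58 sensor snort[4242]:     Dropped:            0 (  0.000%)
May 10 10:31:58 sensor sshd[100]: Accepted publickey for ops
EOF
    : > "$tmp/snort.log.1525962000"            # zero length, the symptom
    printf 'not empty' > "$tmp/snort.log.1525962100"

    if snort_saw_traffic "$tmp/messages"; then
        echo "snort analyzed $(snort_counter "$tmp/messages" Analyzed) packets"
    else
        echo "snort analyzed no packets: check the interface, try -k none, and" \
             "check any wrapper script for options that override the conf"
    fi
    echo "zero-length unified2 files:"
    empty_unified2_files "$tmp"
    rm -rf "$tmp"
}

demo
```

On a real sensor, point `snort_counter`/`snort_saw_traffic` at `/var/log/messages` (or wherever syslog puts snort's output) after a clean shutdown, since the totals are only written when snort exits; a Received count of 0 means the sniffing interface never delivered packets, while Received > 0 with Analyzed = 0 points at the checksum handling the reply mentions (`-k none`).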
