Snort mailing list archives
XML output plugin...
From: Peter Bates <peter.bates () lshtm ac uk>
Date: Wed, 27 Jun 2001 18:26:53 +0100
Hello all...

I have a snort 1.7 system (Linux, with the original RPM) which runs fine in a 'production' sense, in that it has been snorting away merrily for many months now...

I was just fiddling to add use of the XML output plugin, and put:

    # Outputs
    output alert_syslog: LOG_AUTH LOG_ALERT
    output alert_full: alert
    output xml: alert, file=/var/log/snort/output

Which, on restart of snort, generates the error:

    snort: WARNING: command line overrides rules file logging plugin!

Snort continues to log to syslog and to the file alert in /var/log/snort, but I get no XML output...

I start snort with:

    /usr/sbin/snort -u snort -g snort -de -D -o \
        -i ethx -N -l /var/log/snort -c /etc/snort-local/snort.conf

where the '-N' is to turn off logging of individual 'hosts'. I remove the -N, all is fine, but then I start getting logging of individual systems.

Is this something that's a really creaky bug fixed ages ago and part of snort 1.8, or have I configured something completely wrong?

Why I'm actually trying to log the same information 3 times is a totally different story, but there you go!