Snort mailing list archives
2.8.1 or 2.8.2rc1: cannot configure custom output
From: Philippe Strauss <philou () philou ch>
Date: Fri, 9 May 2008 17:33:19 +0200
Hello snort users,

Using those 2 snort versions, I cannot figure out how to make the following types of output work:

# DEFAULT in vanilla config: works
#output alert_syslog: LOG_AUTH LOG_ALERT

# DOESNT WORKS: still log in auth
#output alert_syslog: log_local7 log_info

# DOESNT WORKS: still logs via syslog in auth
#output alert_unified: filename snort.alert, limit 128

# WORKS
#output log_unified: filename snort.log, limit 128

# DOESNT WORKS
#output unified2: filename snort.u2
#output log_unified2: filename snort.lu2
#output alert_unified: filename snort.au

# DOESNT WORKS
output alert_csv: snort.csv msg,proto,timestamp,src,srcport,dst,dstport

# WORKS
output log_unified: filename snort.lu

The rest of my config is like the example shipped in the tarball, except for the $HOME networks list and the rules path.

What am I missing?

TIA

--
Philippe Strauss
philou () philou ch