Snort mailing list archives
Re: Unified logging doesn't work.
From: "Joel Esler (jesler)" <jesler () cisco com>
Date: Mon, 9 Jun 2014 20:26:24 +0000
Are you starting Snort with a script? Like: $snort start [ OK ] type of thing? If so, the script may be setting its own logging method on the command line (which overrides the snort.conf).

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

On Jun 9, 2014, at 4:19 PM, Steve Crow <scrow () amarilloheartgroup com> wrote:

I am having a similar issue. I am trying to monitor two interfaces. I have the snort.conf output set up like this:

output unified2: filename merged.log, limit 128,

But I have alert files showing up in each interface directory in plain text. The /etc/sysconfig/snort file seems to be controlling this, but I don't see an option for output using unified2 in the sysconfig/snort file, or for having a merged.log for both interfaces that I can monitor. Doing a search doesn't reveal a merged.log either.

Thank you,
Steve
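The reply above says that a logging method set on the Snort command line overrides snort.conf. The script below is an added example, not part of the original thread, that lists the logging-related options in a Snort command line. The function name and the sample command lines are constructed, and it assumes Snort 2.x options passed as separate tokens.

```shell
#!/bin/sh
# Added example (not from the thread): list the Snort 2.x command-line
# options that choose an alert/log method or location. If any of these are
# present, they are the first place to look when an "output" line in
# snort.conf appears to be ignored.
# Assumption: options arrive as separate tokens ("-A fast", not "-Afast").

snort_logging_options() {
    # $1: a full snort command line as one string
    set -f              # do not glob-expand tokens while splitting
    set -- $1
    set +f
    while [ $# -gt 0 ]; do
        case "$1" in
            -A|-K|-l)
                # -A <mode>: alert mode (fast, full, console, none, ...)
                # -K <mode>: packet logging mode (pcap, ascii, none)
                # -l <dir> : log directory
                echo "$1 ${2:-<missing argument>}"
                if [ $# -gt 1 ]; then shift; fi
                ;;
            -b|-N|-s)
                # -b: tcpdump-format packet log, -N: no packet logging,
                # -s: send alerts to syslog
                echo "$1"
                ;;
        esac
        shift
    done
}

# Constructed sample: what an init script might end up running per interface.
sample_init='/usr/sbin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort/eth0'
# Constructed sample: only the config file decides how output is written.
sample_conf_only='/usr/sbin/snort -D -i eth0 -c /etc/snort/snort.conf'

echo "init-script style command line:"
snort_logging_options "$sample_init"
echo "config-only command line:"
snort_logging_options "$sample_conf_only"
```

On a live sensor, pass the function the arguments of the running process as reported by `ps` instead of the constructed strings.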