[Snort-devel] unified and unified2 docs

Jeff Dell jdell at ...2429...
Sun Oct 28 22:34:49 EDT 2007


In snort_manual.pdf both the unified and unified2 output formats are incorrect.
The docs are missing the keyword "filename" before the filename. Snort.conf
is correct, but only has an example for unified and not unified2. Oh, and
while you are at it... you misspelled log_unified2 in section 2.4.9.

Here is the format that is in snort_manual.pdf:

output alert_unified: snort.alert, limit 128
output alert_unified2: snort.alert, limit 128, nostamp

Here is the correct format:

output alert_unified: filename snort.alert, limit 128
output alert_unified2: filename snort.alert, limit 128, nostamp

Cheers,

Jeff
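
Added example, not part of the original message and not Snort's own code: a small Python check that scans snort.conf text for the two problems reported above, a unified output directive whose file name lacks the "filename" keyword and a near-miss spelling of a unified plugin name. The plugin name list, the function name and the sample config are assumptions of this example.

```python
import difflib
import re

# Plugin names in the unified family; this list is the example's assumption.
UNIFIED = ["alert_unified", "log_unified", "alert_unified2", "log_unified2", "unified2"]
BARE_FLAGS = {"nostamp"}  # options that legitimately take no value
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*(?::\s*(.*))?$")


def lint_unified_outputs(conf_text):
    """Return (line_number, message) findings for unified output directives."""
    findings = []
    for lineno, raw in enumerate(conf_text.splitlines(), start=1):
        m = OUTPUT_RE.match(raw.split("#", 1)[0].rstrip())  # ignore comments
        if not m:
            continue
        name, args = m.group(1), (m.group(2) or "").strip()
        if name not in UNIFIED:
            # A name that is almost a unified plugin is probably a typo.
            close = difflib.get_close_matches(name, UNIFIED, n=1, cutoff=0.85)
            if close:
                findings.append((lineno, f"unknown plugin '{name}', did you mean '{close[0]}'?"))
            continue
        if not args:
            continue  # no options given; nothing to check here
        first = args.split(",")[0].split()
        if first and first[0] == "filename":
            if len(first) < 2:
                findings.append((lineno, "'filename' keyword has no value"))
        elif len(first) == 1 and first[0] not in BARE_FLAGS:
            findings.append((lineno, f"bare file name '{first[0]}': write 'filename {first[0]}'"))
    return findings


# Constructed sample: the two manual lines and the two corrected lines from the
# post, plus a made-up misspelling, an unrelated plugin and a commented line.
SAMPLE_CONF = """\
output alert_unified: snort.alert, limit 128
output alert_unified2: snort.alert, limit 128, nostamp
output alert_unified: filename snort.alert, limit 128
output alert_unified2: filename snort.alert, limit 128, nostamp
output log_unifed2: filename snort.log, limit 128
output alert_syslog: LOG_AUTH LOG_ALERT
# output log_unified2: snort.log
"""

if __name__ == "__main__":
    for lineno, message in lint_unified_outputs(SAMPLE_CONF):
        print(f"line {lineno}: {message}")
```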
