[Snort-devel] 2.9.2-1 - Missing Alerts in Unified2 - Partial Alert in Unified
Michael R Gilliam
techsavvy at ...3250...
Thu Feb 2 11:45:22 EST 2012
Has anyone experienced an issue that occurs when having output directed to two destinations, both unified format and unified2 format? There are partial alerts that show up in the unified file (alert, but no packet/session data), and the alert and packet/session data are completely missing from the unified2 file. Otherwise, for the most part (99% of the time), all alerts and packet/session data match.
snort.conf output is set up as:

output unified2: filename snort.log, limit 128
output alert_unified: filename /var/log/snort/log2.alert, limit 128
output log_unified: filename /var/log/snort/log2.log, limit 128
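One way to check the unified2 side of this symptom, as an added example that is not part of the original post or of Snort itself: a small Python reader that walks the record stream, pairs each IDS event with its packet records on (sensor_id, event_id, event_second), and reports events that have no packet record, plus any partial record left at the end of the file. The record type numbers and struct layouts are assumed from Snort's Unified2_common.h (type 7 legacy IDS event, type 104 VLAN event with the same leading fields, type 2 packet); the sample file at the bottom is constructed here, not captured from a sensor.

```python
"""Cross-check a unified2 file: which IDS events have no packet record?

Added example, not Snort code. Record type numbers and struct layouts are
assumed from Snort's Unified2_common.h; the sample file is constructed.
"""
import struct
from collections import Counter

UNIFIED2_PACKET = 2            # Serial_Unified2Packet
UNIFIED2_IDS_EVENT = 7         # Serial_Unified2IDSEvent_legacy (52 bytes)
UNIFIED2_IDS_EVENT_VLAN = 104  # Serial_Unified2IDSEvent; same leading 52 bytes
EVENT_TYPES = {UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_VLAN}

# Every unified2 record starts with (type, length), network byte order.
RECORD_HEADER = struct.Struct(">II")
# Leading fields of the IDS event records: sensor_id, event_id, event_second,
# event_microsecond, signature_id, generator_id, signature_revision,
# classification_id, priority_id, ip_source, ip_destination, sport_itype,
# dport_icode, protocol, impact_flag, impact, blocked.
IDS_EVENT = struct.Struct(">IIIIIIIII4s4sHHBBBB")
# Packet record header: sensor_id, event_id, event_second, packet_second,
# packet_microsecond, linktype, packet_length; the packet bytes follow.
PACKET_HEADER = struct.Struct(">IIIIIII")


def parse_records(data):
    """Return (records, truncated_at): records is a list of (type, body);
    truncated_at is the offset of a partial trailing record, or None."""
    records, off = [], 0
    while off < len(data):
        if off + RECORD_HEADER.size > len(data):
            return records, off
        rtype, rlen = RECORD_HEADER.unpack_from(data, off)
        start = off + RECORD_HEADER.size
        if start + rlen > len(data):
            return records, off  # header says more bytes than the file holds
        records.append((rtype, data[start:start + rlen]))
        off = start + rlen
    return records, None


def check_unified2(data):
    """Correlate events with packets on (sensor_id, event_id, event_second)."""
    records, truncated_at = parse_records(data)
    events, packets = {}, Counter()
    for rtype, body in records:
        if rtype in EVENT_TYPES:
            f = IDS_EVENT.unpack_from(body)
            events[(f[0], f[1], f[2])] = (f[5], f[4], f[6])  # gid, sid, rev
        elif rtype == UNIFIED2_PACKET:
            h = PACKET_HEADER.unpack_from(body)
            packets[(h[0], h[1], h[2])] += 1
    orphans = [key for key in events if packets[key] == 0]
    return {"events": len(events), "packets": sum(packets.values()),
            "orphans": orphans, "truncated_at": truncated_at}


def event_record(sensor_id, event_id, second, gid, sid):
    """Build a type-7 event record (constructed sample data)."""
    body = IDS_EVENT.pack(sensor_id, event_id, second, 0, sid, gid, 1, 0, 1,
                          bytes([10, 0, 0, 1]), bytes([10, 0, 0, 2]),
                          1234, 80, 6, 0, 0, 0)
    return RECORD_HEADER.pack(UNIFIED2_IDS_EVENT, len(body)) + body


def packet_record(sensor_id, event_id, second, payload):
    """Build a type-2 packet record (constructed sample data)."""
    body = PACKET_HEADER.pack(sensor_id, event_id, second, second, 0, 1,
                              len(payload)) + payload
    return RECORD_HEADER.pack(UNIFIED2_PACKET, len(body)) + body


# Constructed sample: event 1 has its packet, event 2 has none, and the file
# ends 20 bytes into a third event record.
T0 = 1328200000
SAMPLE = (event_record(1, 1, T0, 1, 2000001)
          + packet_record(1, 1, T0, b"GET / HTTP/1.0\r\n\r\n")
          + event_record(1, 2, T0 + 1, 1, 2000002)
          + event_record(1, 3, T0 + 2, 1, 2000003)[:20])

if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE
    report = check_unified2(data)
    for key in report["orphans"]:
        print("event without packet: sensor=%d id=%d sec=%d" % key)
    if report["truncated_at"] is not None:
        print("partial record at offset %d" % report["truncated_at"])
```

Run it against the spooled snort.log.* files from the sensor; an event listed as an orphan here, with a matching alert in the unified alert file, is the case the post describes, and a non-None truncated offset points at a record that was cut mid-write rather than never written.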