[Snort-sigs] Unified output for barnyard

Dusty Hall halljer at ...1195...
Thu Sep 4 14:17:06 EDT 2003


Michael,

  Could you give us an example of your snort.conf?

  Here's what ours looks like:

output alert_unified: filename unified.alert, limit 512
output log_unified: filename unified.log, limit 512


-Dusty
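One way to check which output plugins a snort.conf actually enables, and whether the two unified lines above are among them, is a small shell lint. This is an added example, not part of the thread and not Snort's own tooling; the snort.conf fragment it reads is constructed here for illustration, and the plugin names it treats as "unified" are the two from the configuration posted above.

```shell
# Constructed snort.conf fragment (not from the thread): two classic output
# plugins commented out, the two unified plugins from the thread enabled.
SAMPLE_CONF=$(cat <<'EOF'
# output alert_fast: alert
# output log_tcpdump: tcpdump.log
output alert_unified: filename unified.alert, limit 512
output log_unified: filename unified.log, limit 512
EOF
)

# Print the plugin name of every uncommented "output" line read on stdin.
# Commented-out lines (leading '#') are ignored, so only active plugins show.
active_outputs() {
    grep -E '^[[:space:]]*output[[:space:]]+' |
        sed -E 's/^[[:space:]]*output[[:space:]]+([a-z_]+).*/\1/'
}

# Return 0 when both alert_unified and log_unified are active, 1 otherwise.
has_unified() {
    outs=$(active_outputs)
    echo "$outs" | grep -qx 'alert_unified' &&
        echo "$outs" | grep -qx 'log_unified'
}

# check_conf <path>: report the active plugins and whether unified output is on.
check_conf() {
    echo "active output plugins:"
    active_outputs < "$1" | sed 's/^/  /'
    if has_unified < "$1"; then
        echo "unified output enabled"
        return 0
    fi
    echo "unified output missing"
    return 1
}

# Usage: write the sample to a file and check it (exit status 0 = unified enabled).
tmp=$(mktemp)
printf '%s\n' "$SAMPLE_CONF" > "$tmp"
check_conf "$tmp"
rm -f "$tmp"
```

Run it against the real snort.conf instead of the sample to see every output plugin still active; a plugin that is not commented out will keep writing its own format alongside (or instead of) the unified files.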



>>> Michael Miller <michael.miller at ...1811...> 9/4/2003 3:19:44 PM
>>>
I must be missing something BIG, but I'm trying to get snort to output in
unified format (for Barnyard) and I keep getting either Snort's
Ascii/IPaddress-per-folder or TCPdump format. I've got the unified output
post-processor uncommented, and I've GOOGLED, but I can't, for the life of
me, figure out how to produce the unified alert and log files. (using the
latest current stable version of snort from the CVS tree.)



