[Snort-sigs] Unified output for barnyard
halljer at ...1195...
Thu Sep 4 14:17:06 EDT 2003
Could you give us an example of your snort.conf?
Here's what ours looks like:
output alert_unified: filename unified.alert, limit 512
output log_unified: filename unified.log, limit 512
>>> Michael Miller <michael.miller at ...1811...> 9/4/2003 3:19:44 PM
I must be missing something BIG, but I'm trying to get snort to output
unified format (for Barnyard) and I keep getting either Snort's
Ascii/IPaddress-per-folder or TCPdump format. I've got the unified
post-processor uncommented, and I've GOOGLED, but I can't, for the life
of me, figure out how to produce the unified alert and log files. (using
latest current stable version of snort from the CVS tree.)