[Snort-users] XML output plugin...
peter.bates at ...79...
Wed Jun 27 13:26:53 EDT 2001
I have a snort 1.7 system (Linux, with the original RPM)
which runs fine in a 'production' sense, in that it has
been snorting away merrily for many months now...

I was just fiddling to add use of the XML output plugin, and

    output alert_syslog: LOG_AUTH LOG_ALERT
    output alert_full: alert
    output xml: alert, file=/var/log/snort/output

Which, on restart of snort, generates the error:

    snort: WARNING: command line overrides rules file logging plugin!

Snort continues to log to syslog and to the file
alert in /var/log/snort, but I get no XML output...

I start snort with:

    /usr/sbin/snort -u snort -g snort -de -D -o \
    -i ethx -N -l /var/log/snort -c /etc/snort-local/snort.conf

where the '-N' is to turn off logging of individual 'hosts'.
I remove the -N, all is fine, but then I start getting logging
of individual systems.

Is this something that's a really creaky bug
fixed ages ago and part of snort 1.8, or
have I configured something completely wrong?

Why I'm actually trying to log the same information
3 times is a totally different story, but there you go!