[Snort-users] XML output plugin...

Peter Bates peter.bates at ...79...
Wed Jun 27 13:26:53 EDT 2001

Hello all...

I have a snort 1.7 system (Linux, with the original RPM)
which runs fine in a 'production' sense, in that it has
been snorting away merrily for many months now...

I was just fiddling to add use of the XML output plugin, and

# Outputs
output alert_syslog: LOG_AUTH LOG_ALERT
output alert_full: alert
output xml: alert, file=/var/log/snort/output

Which, on restart of snort, generates the error:

snort: WARNING: command line overrides rules file logging plugin!

Snort continues to log to syslog and to the file
alert in /var/log/snort, but I get no XML output...

I start snort with:

/usr/sbin/snort -u snort -g snort -de -D -o \
-i ethx -N -l /var/log/snort -c /etc/snort-local/snort.conf

where the '-N' is to turn off logging of individual 'hosts'.

I remove the -N, all is fine, but then I start getting logging
of individual systems.

Is this something that's a really creaky bug
fixed ages ago and part of snort 1.8, or
have I configured something completely wrong?

Why I'm actually trying to log the same information
3 times is a totally different story, but there you go!
