[Snort-users] snort-1.8.7 and alert file

Erek Adams erek at ...577...
Tue Jul 30 07:34:04 EDT 2002


On Tue, 30 Jul 2002 bthaler at ...2720... wrote:

> OK.  I missed that one, thanks.

No problem.

> Now, since my command-line "-N" is overriding my snort.conf's "output
> log_unified", I'm getting no logging at all.
>
> How do I either specify spo_unified on the command-line, or specify the "-N"
> in snort.conf?

Easy enough:

  http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.12

> (Strangely, I'm getting 30% packet loss now.....interesting)

Hrm...  How much pipe, and how much utilization are you getting?

-----
Erek Adams
Nifty-Type-Guy
TheAdamsFamily.Net





More information about the Snort-users mailing list