[Snort-users] snort-1.8.7 and alert file

bthaler at ...2720... bthaler at ...2720...
Tue Jul 30 07:44:02 EDT 2002


OK.  Now my snort.conf has this:

output log_null
output log_unified: filename snort.log, limit 128

And logging is back, but so is the alert file.  Sorry if I'm missing something really basic here.

As far as my network utilization, I'm using about 30Mbit of a 45Mbit pipe.

Regards,

Brad T.




----- Original Message ----- 
From: "Erek Adams" <erek at ...577...>
To: <bthaler at ...2720...>
Cc: <snort-users at lists.sourceforge.net>
Sent: Tuesday, July 30, 2002 10:33 AM
Subject: Re: [Snort-users] snort-1.8.7 and alert file


> On Tue, 30 Jul 2002 bthaler at ...2720... wrote:
> 
> > OK.  I missed that one, thanks.
> 
> No problem.
> 
> > Now, since my command-line "-N" is overriding my snort.conf's "output
> > log_unified", I'm getting no logging at all.
> >
> > How do I either specify spo_unified on the command-line, or specify the "-N"
> > in snort.conf?
> 
> Easy enough:
> 
>   http://www.snort.org/docs/writing_rules/chap2.html#tth_sEc2.5.12
> 
> > (Strangely, I'm getting 30% packet loss now.....interesting)
> 
> Hrm...  How much pipe, and how much utilization are you getting?
> 
> -----
> Erek Adams
> Nifty-Type-Guy
> TheAdamsFamily.Net
> 
> 




