[Snort-users] Using ACID AND SnortSnarf - How?

Ralf Spenneberg lists at ...9778...
Fri Dec 12 05:29:01 EST 2003


On Thu, 2003-12-11 at 22:14, Ralf Henze wrote:
> 1. /usr/local/bin/snort -i ppp0 -i eth1 -i eth0 -c /etc/snort/snort.conf  -l /var/log/snort/  \
>     -A full -u ids -g ids -o -D 
> 
> output alert_unified: filename /var/log/snarf/alert, limit 128
> output log_unified: filename /var/log/snarf/snort.log, limit 128

Last time I looked, Snort disabled all output-plugins defined in the
configuration file when I used -A on the command line. Define the 
full alert output plugin in your configuration file and not on the
command line and you should be fine.

Cheers,

Ralf
-- 
Ralf Spenneberg
RHCE, RHCX

Book: VPN mit Linux
Book: Intrusion Detection für Linux Server   http://www.spenneberg.com
IPsec-Howto				     http://www.ipsec-howto.org
Honeynet Project Mirror:                     http://honeynet.spenneberg.org
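
A check for the conflict described in the reply above, as an added example that is not part of the original message: a shell function that flags a Snort start line carrying `-A` when the configuration file also defines output plugins. The function names and the sample configuration are constructed for illustration.

```shell
#!/bin/sh
# Added example: warn when a Snort start line uses -A while snort.conf
# defines "output" directives (the override behaviour is as reported in the reply).

# has_alert_flag "<command line>": succeeds if -A appears as its own option.
has_alert_flag() {
    for word in $1; do
        case "$word" in
            -A) return 0 ;;
        esac
    done
    return 1
}

# conf_outputs <file>: print the active (uncommented) output directives.
conf_outputs() {
    grep -E '^[[:space:]]*output[[:space:]]+[A-Za-z_]+' "$1"
}

# check_snort_outputs "<command line>" <conf>: returns 1 on conflict, else 0.
check_snort_outputs() {
    outputs=$(conf_outputs "$2") || return 0   # no active output plugins
    has_alert_flag "$1" || return 0            # no -A on the command line
    echo "WARNING: -A given on the command line; these directives may be ignored:" >&2
    echo "$outputs" | sed 's/^/  /' >&2
    return 1
}

# Constructed sample configuration mirroring the directives quoted in the thread.
sample_conf() {
    cat <<'EOF'
# output alert_syslog: LOG_AUTH LOG_ALERT
output alert_unified: filename /var/log/snarf/alert, limit 128
output log_unified: filename /var/log/snarf/snort.log, limit 128
EOF
}

# Stand-alone use: sh check.sh "<snort command line>" /etc/snort/snort.conf
if [ "$#" -eq 2 ]; then
    check_snort_outputs "$1" "$2"
fi
```
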



