[Snort-users] Snort-users Digest, Vol 42, Issue 21

Marcos Rodriguez mrodriguez at ...1935...
Tue Nov 17 18:07:52 EST 2009


>
> Message: 2
> Date: Tue, 17 Nov 2009 16:29:11 -0500
> From: Eoin Miller <eoin.miller at ...14586...>
> Subject: [Snort-users] Snort Ignores Filenames for alert_unified and
>        log_unified?
> To: Snort-users at lists.sourceforge.net
> Message-ID: <4B0315A7.4010104 at ...14586...>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> Does Snort just ignore the base filenames set for the alert_unified and
> log_unified options? I have tried this:
>
> ---snort.conf snip---
> output alert_unified: 00-snort.alert, limit 128
> output log_unified: 00-snort.log, limit 128
> ---snort.conf snip---
>
> And these are the filenames I get:
> # ls -1
> snort-unified.alert.1258491654
> snort-unified.log.1258491654
>
> Anyone have these types of issues?
>
> -- Eoin
>
>
Hi Eoin,

You need to use the filename option, i.e.

output alert_unified: filename 00-snort.alert, limit 128
output log_unified: filename 00-snort.log, limit 128

Thanks!

Marcos
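
A check for the mistake discussed in this thread, as an added example that is not part of the original messages or of Snort itself: it scans snort.conf text for alert_unified/log_unified lines whose base name was given without the filename keyword and prints the corrected line. The function name, the sample config and the assumption that filename and limit are the only option keywords (they are the only ones shown in the thread) are mine.

```python
import re

# Unified output plugins from the thread, and the option keywords seen there.
UNIFIED_PLUGINS = {"alert_unified", "log_unified"}
KNOWN_KEYWORDS = {"filename", "limit"}  # assumption: only keywords shown in the thread

OUTPUT_RE = re.compile(r"^output\s+(\w+)\s*:\s*(.*)$")


def find_bare_filenames(conf_text):
    """Return (line_no, plugin, corrected_line) for each unified output line
    whose base name was given without the 'filename' keyword."""
    findings = []
    for line_no, raw in enumerate(conf_text.splitlines(), start=1):
        line = raw.split("#", 1)[0].strip()  # ignore comments and blank lines
        match = OUTPUT_RE.match(line)
        if not match or match.group(1) not in UNIFIED_PLUGINS:
            continue
        plugin, arg_text = match.groups()
        args = [a.strip() for a in arg_text.split(",") if a.strip()]
        fixed, changed = [], False
        for arg in args:
            if arg.split()[0] in KNOWN_KEYWORDS:
                fixed.append(arg)
            else:
                # Bare value such as "00-snort.alert": prefix the keyword.
                fixed.append("filename " + arg)
                changed = True
        if changed:
            findings.append((line_no, plugin, f"output {plugin}: " + ", ".join(fixed)))
    return findings


# Constructed sample config, modelled on the snippet quoted in the thread.
SAMPLE_CONF = """\
# unified output section
output alert_unified: 00-snort.alert, limit 128
output log_unified: filename 00-snort.log, limit 128
# output alert_unified: disabled.alert, limit 128
output log_unified: limit 128
"""

if __name__ == "__main__":
    for line_no, plugin, corrected in find_bare_filenames(SAMPLE_CONF):
        print(f"line {line_no}: {plugin} base name lacks 'filename'; use: {corrected}")
```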