[Snort-users] Snort Ignores Filenames for alert_unified and log_unified?

Eoin Miller eoin.miller at ...14586...
Wed Nov 18 18:15:00 EST 2009


Figured it out,  the Snort Users Manual PDF includes incorrect examples 
under section 2.68 - Unified:

Example
output alert_unified: snort.alert, limit 128
output log_unified: snort.log, limit 128

What you actually need to have is:

output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128

Then Snort will create the filenames as you want them. The unified2 
section has correct examples.

-- Eoin

Eoin Miller wrote:
> Does Snort just ignore the base filenames set for the alert_unified and
> log_unified options? I have tried this:
>
> ---snort.conf snip---
> output alert_unified: 00-snort.alert, limit 128
> output log_unified: 00-snort.log, limit 128
> ---snort.conf snip---
>
> And these are the filenames I get:
> # ls -1
> snort-unified.alert.1258491654
> snort-unified.log.1258491654
>
> Anyone have these types of issues?
>
> -- Eoin
>
>
> ------------------------------------------------------------------------------
> Let Crystal Reports handle the reporting - Free Crystal Reports 2008 
> 30-Day
> trial. Simplify your report design, integration and deployment - and 
> focus on
> what you do best, core application coding. Discover what's new with
> Crystal Reports now. http://p.sf.net/sfu/bobj-july
> _______________________________________________
> Snort-users mailing list
> Snort-users at lists.sourceforge.net
> Go to this URL to change user options or unsubscribe:
> https://lists.sourceforge.net/lists/listinfo/snort-users
> Snort-users list archive:
> http://www.geocrawler.com/redir-sf.php3?list=snort-users
>
> #
> " This e-mail and any attached documents may contain confidential or 
> proprietary information. If you are not the intended recipient, please 
> advise the sender immediately and delete this e-mail and all attached 
> documents from your computer system. Any unauthorised disclosure, 
> distribution or copying hereof is prohibited."
>
> " Ce courriel et les documents qui y sont attaches peuvent contenir 
> des informations confidentielles. Si vous n'etes pas le destinataire 
> escompte, merci d'en informer l'expediteur immediatement et de 
> detruire ce courriel ainsi que tous les documents attaches de votre 
> systeme informatique. Toute divulgation, distribution ou copie du 
> present courriel et des documents attaches sans autorisation prealable 
> de son emetteur est interdite."
> #





More information about the Snort-users mailing list