[Snort-users] Unable to configure unified2 output
mikelococo at ...11827...
Wed Mar 31 11:08:01 EDT 2010
>> I recently attempted to migrate to merged alert/log unified2 output
>> using the following config:
> I would recommend simply using the unified2 logger and then creating all
> of your output from Barnyard2. The whole reason that the unified output
> was created was to fork off most of the output processes so that Snort
> could process packets faster.
> If you read through the barnyard2.conf file in the installed code,
> you'll find lots of output options there.
Thanks for your response, but I think I might have been unclear in my
original post. I'm _trying_ to configure unified2 per the instructions
in the barnyard2 docs, and it's not working (I get the default
log_tcpdump behavior instead, as though I had no output module configured).
I'm not actually trying to get log_unified2 or log_unified output at
all... I only documented those tests to demonstrate that the rest of my
snort infrastructure is functional, because they both behave as expected.