[Snort-users] Unable to configure unified2 output

Mike Lococo mikelococo at ...11827...
Wed Mar 31 11:08:01 EDT 2010


Nick,

>> I recently attempted to migrate to merged alert/log unified2 output
>> using the following config:
>
> I would recommend simply using the unified2 logger and then creating all
> of your output from Barnyard2. The whole reason that the unified output
> was created was to fork off most of the output processes so that Snort
> could process packets faster.
>
> If you read through the barnyard2.conf file in the installed code,
> you'll find lots of output options there.

Thanks for your response, but I think I might have been unclear in my 
original post.  I'm _trying_ to configure unified2 per the instructions 
in the barnyard2 docs, and it's not working (I get the default 
log_tcpdump behavior instead, as though I had no output module configured).

I'm not actually trying to get log_unified2 or log_unified output at 
all... I only documented those tests to demonstrate that the rest of my 
snort infrastructure is functional, because they both behave as expected.

Thanks,
Mike Lococo
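Added example, not part of the original post or of the Snort/Barnyard2 projects' own code: the minimal snort.conf and barnyard2.conf pair for the merged unified2 setup discussed above, written out as constructed fragments, plus a small check that lists which output modules Snort will actually parse from a config (comments and blank lines stripped). The work directory /tmp/u2-example, the spool name snort.u2, the waldo path and the log directory are assumptions; substitute your own.

```shell
#!/bin/sh
# Added example (not from the mailing-list thread): unified2 config pair and
# a check of which "output" lines in snort.conf are really active.
# Assumed paths: /tmp/u2-example, /var/log/snort, snort.u2, barnyard2.waldo.
set -e

WORK=${WORK:-/tmp/u2-example}
mkdir -p "$WORK"

# snort.conf fragment (constructed): one unified2 logger carries both alert
# and packet records; "limit 128" rolls the spool file at 128 MB.
# The commented log_tcpdump line is there to show it is NOT active.
cat > "$WORK/snort.conf" <<'EOF'
# output log_tcpdump: tcpdump.log
output unified2: filename snort.u2, limit 128
EOF

# barnyard2.conf fragment (constructed): read the unified2 spool from the
# log directory and emit fast-format alerts; swap in database/syslog
# outputs from the shipped barnyard2.conf as needed.
cat > "$WORK/barnyard2.conf" <<'EOF'
config logdir: /var/log/snort
input unified2
output alert_fast: stdout
EOF

# Print the module name of every active "output" directive in a snort.conf:
# drop comments, leading whitespace, keep "output <module>..." lines.
active_outputs() {
    sed -e 's/#.*//' -e 's/^[[:space:]]*//' "$1" \
        | grep '^output ' \
        | sed 's/^output[[:space:]]*\([^:[:space:]]*\).*/\1/'
}

# Exit 0 when unified2 is among the active output modules, 1 otherwise.
has_unified2() {
    active_outputs "$1" | grep -qx 'unified2'
}

# Stand-alone run: show the active modules and the matching barnyard2 command.
active_outputs "$WORK/snort.conf"
if has_unified2 "$WORK/snort.conf"; then
    echo "unified2 is active; feed the spool to barnyard2, e.g.:"
    echo "  barnyard2 -c $WORK/barnyard2.conf -d /var/log/snort -f snort.u2 -w /var/log/snort/barnyard2.waldo"
else
    echo "no active unified2 output line: with no output module Snort uses its default log_tcpdump behaviour"
fi
```

The check only reflects what the parser will see; to confirm that Snort itself accepts the directive, run it against the real config in test mode (snort -T -c /etc/snort/snort.conf) and read the list of initialised output plugins it prints.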
