[Snort-users] Unable to configure unified2 output
mikelococo at ...11827...
Wed Mar 31 12:57:05 EDT 2010
>> sudo /usr/local/bin/snort -m 007 -A none -d -i dag1:0 -u snort \
>> -g snort -c /etc/snort/snort0.conf -l /var/log/snort/dag1:0 \
>> -F /etc/snort/snort.bpf
> Lose the -A none
That fixes it... and makes me feel fairly silly to boot. Thanks so much.
I had tested various values of -A, but hadn't thought to omit it
entirely. I was also under the mistaken impression that -A controlled a
different output facility that was unrelated to conf-file output
modules... which clearly isn't the case.
Given the variety of ways to configure output, it might be nice if snort
echoed some of its thought process during startup along with the
"Initializing Output Plugins!" message.
More information about the Snort-users