[Snort-users] Unable to configure unified2 output

Mike Lococo mikelococo at ...11827...
Wed Mar 31 12:57:05 EDT 2010


>>     sudo /usr/local/bin/snort -m 007 -A none -d -i dag1:0 -u snort \
>>     -g snort -c /etc/snort/snort0.conf -l /var/log/snort/dag1:0 \
>>     -F /etc/snort/snort.bpf
>
> Lose the -A none

That fixes it... and makes me feel fairly silly to boot.  Thanks so much.

I had tested various values of -A, but hadn't thought to omit it 
entirely.  I was also under the mistaken impression that -A controlled a 
different output facility that was unrelated to conf-file output 
modules... which clearly isn't the case.

Given the variety of ways to configure output, it might be nice if snort 
echoed some of its thought process during startup along with the 
"Initializing Output Plugins!" message.

Best regards,
Mike Lococo
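The conflict resolved in this thread, as an added example that is not part of the original message: a pre-flight check that flags a Snort command line carrying `-A` when the conf file also declares `output` plugins. The conf fragment and the function names are constructed for illustration; the thread does not show the real snort0.conf.

```python
import shlex

# Constructed sample input: the command line quoted in the thread, plus a
# hypothetical conf fragment (the real snort0.conf is not shown there).
CMDLINE = ("/usr/local/bin/snort -m 007 -A none -d -i dag1:0 -u snort "
           "-g snort -c /etc/snort/snort0.conf -l /var/log/snort/dag1:0 "
           "-F /etc/snort/snort.bpf")
CONF = """\
# constructed example
var HOME_NET any
output unified2: filename snort.u2, limit 128
# output alert_syslog: LOG_AUTH LOG_ALERT
"""

def alert_mode(cmdline):
    """Return the value given to -A on the command line, or None if absent."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg == "-A" and i + 1 < len(args):
            return args[i + 1]
        if arg.startswith("-A") and len(arg) > 2:  # attached form, e.g. -Anone
            return arg[2:]
    return None

def conf_outputs(conf_text):
    """Return plugin names from active (uncommented) 'output' directives."""
    plugins = []
    for line in conf_text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if len(parts) == 2 and parts[0] == "output":
            plugins.append(parts[1].split(":", 1)[0].strip())
    return plugins

def check(cmdline, conf_text):
    """Warn when -A is combined with conf-file output plugins."""
    mode, plugins = alert_mode(cmdline), conf_outputs(conf_text)
    if mode is not None and plugins:
        return ("WARN: -A %s is set on the command line; conf-file output "
                "%s may be suppressed" % (mode, ", ".join(plugins)))
    return "OK"

if __name__ == "__main__":
    print(check(CMDLINE, CONF))                        # as originally run
    print(check(CMDLINE.replace("-A none ", ""), CONF))  # with -A removed
```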



