[Snort-users] Snort + Barnyard + alert file

Russell Fulton r.fulton at ...3809...
Sun May 9 17:33:51 EDT 2010


On 8/05/2010, at 2:24 PM, Vipul M Sawant wrote:

> Hi Fábio
> 
> You can specify the unified output option in /etc/snort/snort.conf to create unified files, for example:
> 
> output alert_unified: filename snort.alert, limit 128
> output log_unified: filename snort.log, limit 128
> 
> Add these lines to snort.conf and start barnyard with the options -l /var/log/snort and -f snort.alert.
> 

Also be aware that the -A command line flag affects this too.  I recently changed from unified to unified2 and spent a couple of days tearing my hair out getting it working.  The problem was a '-A none' on the command line, which was necessary with unified but broke unified2, stopping it from generating alerts.

Russell
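A small checker for the two pitfalls raised in this thread (the barnyard base filename must match the `filename` in the snort.conf output line, and `-A none` on the command line alongside a unified2 output). This is an added example, not code from the thread or from the Snort project; the config fragments and command lines are constructed, and the `-A none`/unified2 finding reflects the behaviour Russell reports above.

```python
"""Check a snort.conf output section against the snort command line."""
import re
import shlex

# Constructed snort.conf fragment in the unified (v1) style from the thread.
SAMPLE_CONF_UNIFIED = """
output alert_unified: filename snort.alert, limit 128
output log_unified: filename snort.log, limit 128
"""

# Constructed equivalent using the unified2 plugin.
SAMPLE_CONF_UNIFIED2 = """
output unified2: filename snort.u2, limit 128
"""

UNIFIED_PLUGINS = {"alert_unified", "log_unified"}
UNIFIED2_PLUGINS = {"unified2", "alert_unified2", "log_unified2"}
OUTPUT_RE = re.compile(r"^\s*output\s+(\w+)\s*:\s*filename\s+([^\s,]+)", re.M)


def parse_outputs(conf_text):
    """Map each unified-style output plugin to its base filename."""
    return {m.group(1): m.group(2) for m in OUTPUT_RE.finditer(conf_text)}


def alert_mode(cmdline):
    """Return the value given to -A on a snort command line, or None."""
    args = shlex.split(cmdline)
    for i, arg in enumerate(args):
        if arg == "-A" and i + 1 < len(args):
            return args[i + 1]
        if arg.startswith("-A") and len(arg) > 2:   # joined form, e.g. -Anone
            return arg[2:]
    return None


def check(conf_text, cmdline):
    """Return the parsed outputs, the -A mode, and a list of findings."""
    outputs = parse_outputs(conf_text)
    mode = alert_mode(cmdline)
    findings = []
    names = set(outputs)
    if not names & (UNIFIED_PLUGINS | UNIFIED2_PLUGINS):
        findings.append("no unified/unified2 output: barnyard has nothing to read")
    if names & UNIFIED2_PLUGINS and mode == "none":
        findings.append("'-A none' with unified2 output: alerts will not be generated")
    # Base filenames barnyard's -f must match (one per output line).
    return {"outputs": outputs, "alert_mode": mode, "findings": findings}
```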
