[Snort-users] Snort + Barnyard + alert file
r.fulton at ...3809...
Sun May 9 17:33:51 EDT 2010
On 8/05/2010, at 2:24 PM, Vipul M Sawant wrote:
> Hi Fábio
> You can specify the unified output option in /etc/snort/snort.conf to create unified files. For example:
> output alert_unified: filename snort.alert, limit 128
> output log_unified: filename snort.log, limit 128
> Add these lines to snort.conf and start barnyard with options -l /var/log/snort and -f snort.alert
Also be aware that the -A command line flag affects this too. I recently changed from unified to unified2 and spent a couple of days tearing my hair out getting it working. The problem was a '-A none' on the command line, which was necessary with unified but broke unified2, stopping it from generating alerts.