[Snort-users] Snort ->Barnyard2

James Kaufman jmk at ...15089...
Mon Aug 29 23:08:01 EDT 2011


Snort 2.9.1 is running on my CentOS 5.6 server. I compiled snort from 
tarball:

# snort -V

    ,,_     -*> Snort! <*-
   o"  )~   Version 2.9.1 IPv6 GRE (Build 71)
    ''''    By Martin Roesch & The Snort Team: 
http://www.snort.org/snort/snort-team
            Copyright (C) 1998-2011 Sourcefire, Inc., et al.
            Using libpcap version 1.1.1
            Using PCRE version: 6.6 06-Feb-2006
            Using ZLIB version: 1.2.3

# ps -aef|grep snort

snort    31528     1  0 Aug27 ?        00:03:17 /usr/local/bin/snort -b 
-d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort

I have this in snort.conf:

# unified2
# Recommended for most installs
output unified2: filename merged.log, limit 128, nostamp

There are no other uncommented output lines.

/var/log/snort has:

# dir -l
total 1168
-rw-r--r-- 1 root  root  676540 Aug 28 09:47 alert
-rw------- 1 snort snort 149779 Aug 27 13:52 snort.log.1314471019
-rw------- 1 snort snort 339181 Aug 28 09:47 snort.log.1314471620


Why aren't I seeing a file named merged.log?
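An added diagnostic helper (example code written for this page, not from the original post or the Snort project) that pulls the active unified2 filenames out of a snort.conf, reads the -c and -l arguments off a snort command line as shown by ps, and reports whether each configured file is present in the log directory. The point of the check is to confirm that the running process is reading the edited config and logging to the directory being inspected before looking elsewhere; the config fragment, file names and command line used in the demo are constructed from what the post shows.

```shell
#!/bin/sh
# Constructed example for this page; not part of the original post.
# Compares the unified2 output configured in snort.conf with the files that
# actually exist in the log directory the running snort was started with.

# Print the filename from every uncommented "output unified2:" line in a conf.
# Handles argument lists such as "filename merged.log, limit 128, nostamp".
unified2_filenames() {
    sed -e 's/#.*$//' "$1" \
      | grep -E '^[[:space:]]*output[[:space:]]+unified2[[:space:]]*:' \
      | sed -E 's/.*filename[[:space:]]+([^,[:space:]]+).*/\1/'
}

# Extract the -c (config) and -l (log dir) values from a snort command line,
# e.g. the one shown by "ps -aef | grep snort". $1 is the whole command line.
snort_args() {
    set -- $1   # word-split the command line into positional parameters
    conf=""; logdir=""
    while [ $# -gt 0 ]; do
        case "$1" in
            -c) conf="$2"; shift ;;
            -l) logdir="$2"; shift ;;
        esac
        shift
    done
    echo "conf=$conf logdir=$logdir"
}

# For each configured filename, look for it in the log directory, with or
# without a numeric timestamp suffix (the "nostamp" option controls that).
# Returns the number of configured files that are absent.
check_log_dir() {
    logdir="$1"; shift
    missing=0
    for name in "$@"; do
        found=""
        for f in "$logdir/$name" "$logdir/$name".[0-9]*; do
            [ -e "$f" ] && { found=1; break; }
        done
        if [ -n "$found" ]; then
            echo "present: $name"
        else
            echo "missing: $name"
            missing=$((missing + 1))
        fi
    done
    return "$missing"
}

# Demo on constructed data: the output line from the post and a log directory
# holding only the files the post lists (alert plus two snort.log.<ts> files).
demo() {
    tmp=$(mktemp -d)
    printf '%s\n' '# unified2' '# Recommended for most installs' \
        'output unified2: filename merged.log, limit 128, nostamp' \
        '# output unified2: filename commented.log, limit 128' > "$tmp/snort.conf"
    touch "$tmp/alert" "$tmp/snort.log.1314471019" "$tmp/snort.log.1314471620"

    snort_args "/usr/local/bin/snort -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort"
    names=$(unified2_filenames "$tmp/snort.conf")
    echo "configured unified2 filenames: $names"
    check_log_dir "$tmp" $names || echo "some configured unified2 files are absent"
    rm -rf "$tmp"
}
demo
```

Run against a real host with `unified2_filenames /etc/snort/snort.conf` and `check_log_dir /var/log/snort merged.log`, using the paths that `snort_args` reports for the live process rather than the ones you expect; a mismatch there is the most common reason a configured output file never appears.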