[Snort-users] Barnyard2 configuration and event generation

waldo kitty wkitty42 at ...14940...
Wed Dec 19 20:41:27 EST 2012


On 12/19/2012 15:05, Steve Marotta wrote:
> Ah, excellent. So what I'm interested in are the alerts. I looked in /var/log/snort as well as the directory I specified as my logfile directory, and I didn't see any recent alert files. Did I inadvertently disable them in my conf file, or is there another place I should be looking?

there is only one alert file that i'm aware of... it is not serialized like the 
pcaps and u2 files... at least not that i've ever seen in the years i've been 
using snort...

as for disabling it, that's something i haven't yet found out... in our 
installs, it seems to be a default enabled file...




