[Snort-users] 0 byte unified log output

James Lay jlay at ...13475...
Wed Apr 24 12:44:11 EDT 2013


On 2013-04-24 09:52, John Ainsworth wrote:
> Hi
>
> I'm pulling my hair out on this problem
>
> I have installed Snort on Ubuntu 12.04, 2 NICs: eth0 used for
> management, eth1 is receiving traffic that is coming into our firewall
> via SPAN on the switch

0 byte u2 files mean no alerts happened.  Have you set something like:

output alert_fast: snortalert.fast

in your snort.conf to verify that you're getting alerts at all?

James



