[Snort-users] Unified logging doesn't work.
Steve Crow
scrow at ...16818...
Mon Jun 9 16:19:34 EDT 2014
I am having a similar issue. I am trying to monitor two interfaces.
I have the snort.conf output set up like this:
output unified2: filename merged.log, limit 128,
But I have alert files showing up in each interface directory in plain text.
The /etc/sysconfig/snort file seems to be controlling this, but I don't see
an option for output using unified2 in the sysconfig/snort file, or for
having a merged.log for both interfaces that I can monitor.
Doing a search doesn’t reveal a merged.log either.
Thank you,
Steve