[Snort-users] Unified logging doesn't work.
Joel Esler (jesler)
jesler at ...589...
Mon Jun 9 16:26:24 EDT 2014
Are you starting Snort with a script?
[ OK ]
type of thing?
If so, the script may be setting its own logging method on the command line (which overrides the snort.conf).
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team
On Jun 9, 2014, at 4:19 PM, Steve Crow <scrow at ...16818...> wrote:
I am having a similar issue. I am trying to monitor two interfaces.
I have the snort.conf output setup like this:
output unified2: filename merged.log, limit 128,
But I have alert files showing up in each interface directory in plain text.
The /etc/sysconfig/snort file seems to be controlling this, but I don't see
an option for output using unified2 in the sysconfig/snort file, or for
having a merged.log for both interfaces that I can monitor.
Doing a search doesn’t reveal a merged.log either.
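
The check suggested in the reply above, as an added example that is not part of the original thread: a small shell function that scans a Snort 2.x command line for the logging options (`-A`, `-K`, `-b`, `-s`) that would take precedence over the `output unified2` line in snort.conf. The sample command line, interface name and paths are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the thread): report Snort 2.x command-line
# logging options, which take precedence over "output" lines in snort.conf.

# Usage: snort_logging_overrides <snort argv words...>
# Prints one line per overriding option; returns 0 if any were found.
snort_logging_overrides() {
    found=1
    while [ "$#" -gt 0 ]; do
        case "$1" in
            -A|-K)                      # alert/log mode given as the next word
                echo "$1 ${2:-<missing>}"
                found=0
                [ "$#" -gt 1 ] && shift
                ;;
            -A?*|-K?*)                  # mode attached to the flag, e.g. -Afast
                flag=${1%"${1#??}"}     # first two characters: the flag itself
                echo "$flag ${1#??}"
                found=0
                ;;
            -b|-s)                      # tcpdump-format packet log / syslog alerts
                echo "$1"
                found=0
                ;;
        esac
        shift
    done
    return "$found"
}

# Constructed sample: the kind of command line a start-up script might build
# for one interface (interface name and paths are assumptions).
SAMPLE_CMD="snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort/eth0"

# Word splitting of SAMPLE_CMD is intended here.
snort_logging_overrides $SAMPLE_CMD || echo "no command-line logging overrides"
```

Feed it the arguments of the running process or the command the start-up script assembles; any line it prints is an option to remove before the snort.conf output settings can take effect.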