[Snort-users] Unified logging doesn't work.

Joel Esler (jesler) jesler at ...589...
Mon Jun 9 16:26:24 EDT 2014


Are you starting Snort with a script?

like:

$snort start
[ OK ]

type of thing?

If so, the script may be setting its own logging method on the command line (which overrides the snort.conf)

--
Joel Esler
Open Source Manager
Threat Intelligence Team Lead
Vulnerability Research Team

On Jun 9, 2014, at 4:19 PM, Steve Crow <scrow at ...16818...> wrote:

I am having a similar issue. I am trying to monitor two interfaces.

I have the snort.conf output setup like this:
output unified2: filename merged.log, limit 128,

But I have alert files showing up in each interface directory in plain text.

The /etc/sysconfig/snort file seems to be controlling this, but I don't see
an option for output using unified2 in the sysconfig/snort file, or for
having a merged.log for both interfaces that I can monitor.

Doing a search doesn’t reveal a merged.log either.

Thank you,
Steve
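As an added illustration of the point above (not code from this thread or from the Snort project), this POSIX shell function scans a Snort 2.x command line for the options that take precedence over the `output` lines in snort.conf. It assumes the Snort 2.x option semantics for -A, -l, -N, -s and -b; the sample command lines are constructed.

```shell
#!/bin/sh
# Added example, not from the mailing-list thread or from Snort itself.
# Lists the command-line options on a Snort 2.x invocation that override
# the "output" plugins configured in snort.conf (assumed Snort 2.x semantics).

# Print one line per output-related option found in the given command line.
# Returns 0 when at least one override is present, 1 when snort.conf rules.
# Usage: snort_output_overrides "<full snort command line>"
snort_output_overrides() {
    found=0
    set -- $1                      # split the command line into words
    while [ $# -gt 0 ]; do
        case "$1" in
            -A) echo "-A $2: alert mode set on the command line"; found=1; shift ;;
            -l) echo "-l $2: log directory set on the command line"; found=1; shift ;;
            -N) echo "-N: packet logging disabled on the command line"; found=1 ;;
            -s) echo "-s: alerts sent to syslog from the command line"; found=1 ;;
            -b) echo "-b: binary (tcpdump) packet log forced on the command line"; found=1 ;;
        esac
        shift
    done
    [ "$found" -eq 1 ]
}

# Constructed sample resembling what an init script might assemble from
# /etc/sysconfig/snort: plain-text "fast" alerts into a per-interface directory,
# which is exactly the symptom of unified2 output appearing to be ignored.
SAMPLE_CMDLINE="snort -A fast -l /var/log/snort/eth0 -c /etc/snort/snort.conf -i eth0 -D"

# Command line with no output overrides; snort.conf output plugins apply.
CLEAN_CMDLINE="snort -c /etc/snort/snort.conf -i eth0 -D"

if snort_output_overrides "$SAMPLE_CMDLINE"; then
    echo "snort.conf output lines are overridden by the options above"
else
    echo "no command-line output overrides; snort.conf output plugins are in effect"
fi
# On a live Linux host the same check can be run on the running process with
# snort_output_overrides "$(ps -o args= -C snort)".
```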