[Snort-users] Unified logging doesn't work.

James Lay jlay at ...13475...
Mon Jun 9 16:28:10 EDT 2014


On 2014-06-09 14:19, Steve Crow wrote:
> I am having a similar issue. I am trying to monitor two interfaces.
>
> I have the snort.conf output set up like this:
> output unified2: filename merged.log, limit 128,
>
> But I have alert files showing up in each interface directory in plain
> text.
>
> The /etc/sysconfig/snort file seems to be controlling this, but I don't see
> an option for output using unified2 in the sysconfig/snort file, or for
> having a merged.log for both interfaces that I can monitor.
>
> Doing a search doesn’t reveal a merged.log either.
>
> Thank you,
>
> Steve

How are you monitoring both interfaces?



