[Snort-users] Unified logging doesn't work.
jlay at ...13475...
Mon Jun 9 16:28:10 EDT 2014
On 2014-06-09 14:19, Steve Crow wrote:
> I am having a similar issue. I am trying to monitor two interfaces.
> I have the snort.conf output setup like this:
> output unified2: filename merged.log, limit 128,
> But I have alert files showing up in each interface directory in
> The /etc/sysconfig/snort file seems to be controlling this, but I
> don't see
> an option for output using unified2 in the sysconfig/snort file, or
> having a merged.log for both interfaces that I can monitor.
> Doing a search doesn’t reveal a merged.log either.
> Thank you,
How are you monitoring both interfaces?
More information about the Snort-users