[Snort-users] Unified logging doesn't work.

James Lay jlay at ...13475...
Mon Jun 9 20:51:05 EDT 2014


On Mon, 2014-06-09 at 16:47 -0500, Steve Crow wrote:

> What script does that line go into?
> I don't think I have seen it in the many googled documents that I have been
> reviewing.
> 
> Steve
> 
> 
> -----Original Message-----
> From: James Lay [mailto:jlay at ...13475...] 
> Sent: Monday, June 09, 2014 4:20 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Unified logging doesn't work.
> 
> On 2014-06-09 15:16, Steve Crow wrote:
> > In the /etc/sysconfig/snort file there is this:
> >
> > #### General Configuration
> >
> > # What interface should snort listen on?  [Pick only 1 of the next 3!]
> > # This is -i {interface} on the command line
> > # This is the snort.conf config interface: {interface} directive
> > # INTERFACE=eth0
> > #
> > # The following two options are not directly supported on the command line
> > # or in the conf file and assume the same Snort configuration for all
> > # instances
> > #
> > # To listen on all interfaces use this:
> > #INTERFACE=ALL
> > #
> > # To listen only on given interfaces use this:
> > INTERFACE="eth0 eth1"
> >
> > -----------------
> >
> > I included the full text in a reply to Joel. I am considering changing 
> > this to ALL if Barnyard2 will work with a single unified file that 
> > covers more than one interface. We're not a high bandwidth operation, 
> > so I don't think I need to configure separate processes and 
> > configuration files for each interface.
> >
> > Steve
> 
> Well...I don't recognize the sysconfig file but I can tell you that:
> 
> snort --daq afpacket --daq-mode passive -i eth0:eth1
> 
> Works like a champ and creates only one unified file.
> 
> James
> 


Currently my /etc/rc.local....but I did my own setup.  This is just
straight command line.

James
