[Snort-users] Unified logging doesn't work.
jlay at ...13475...
Tue Jun 10 18:46:17 EDT 2014
On 2014-06-10 16:43, Steve Crow wrote:
> I don’t question that your command works, my question has to do with
> having snort start at boot. The recommended install docs at
> sourceforge use /etc/init.d/snortd and /etc/sysconfig/snort files.
> They are not designed for unified output as far as I can tell.
> If I go with your command, where do I place it to have snort
> automatically start up at boot time?
> Thanks again!
> Well...I don't recognize the sysconfig file but I can tell you that:
> snort --daq afpacket --daq-mode passive -i eth0:eth1
> Works like a champ and creates only one unified file.
> Currently my /etc/rc.local....but I did my own setup. This is just
> straight command line.
Ah...I understand now. What distro are you running?