[Snort-users] Unified logging doesn't work.

James Lay jlay at ...13475...
Tue Jun 10 18:46:17 EDT 2014


On 2014-06-10 16:43, Steve Crow wrote:
> I don’t question that your command works, my question has to do with
> having snort start at boot. The recommended install docs at
> sourceforge use /etc/init.d/snortd and /etc/sysconfig/snort files. But
> they are not designed for unified output as far as I can tell.
>
> If I go with your command, where do I place it to have snort
> automatically start up at boot time?
>
> Thanks again!
>
> Steve

>
> Well...I don't recognize the sysconfig file but I can tell you that:
>
> snort --daq afpacket --daq-mode passive -i eth0:eth1
>
> Works like a champ and creates only one unified file.
>
> James
>
> Currently my /etc/rc.local....but I did my own setup. This is just
> straight command line.
>
> James

Ah...I understand now.  What distro are you running?

James



