[Snort-users] Unified logging doesn't work.

Steve Crow scrow at ...16818...
Wed Jun 11 10:02:11 EDT 2014


Sorry for the mention of sourceforge, no idea why I put that in there, I meant snort.org.

Thank you!


-----Original Message-----
From: James Lay [mailto:jlay at ...13475...] 
Sent: Tuesday, June 10, 2014 5:46 PM
To: snort-users at lists.sourceforge.net
Subject: Re: [Snort-users] Unified logging doesn't work.

On 2014-06-10 16:43, Steve Crow wrote:
> I don’t question that your command works, my question has to do with 
> having snort start at boot. The recommended install docs at 
> sourceforge use /etc/init.d/snortd and /etc/sysconfig/snort files. But
> they are not designed for unified output as far as I can tell.
> If I go with your command, where do I place it to have snort 
> automatically start up at boot time?
> Thanks again!
> Steve

> Well...I don't recognize the sysconfig file but I can tell you that:
> snort --daq afpacket --daq-mode passive -i eth0:eth1
> Works like a champ and creates only one unified file.
> James
> Currently my /etc/rc.local....but I did my own setup. This is just 
> straight command line.
> James

Ah...I understand now.  What distro are you running?

