[Snort-users] snort - unified2 format
Michael Mittentag
michael.mittentag at ...11827...
Wed Jun 11 10:30:46 EDT 2014
I am running the latest version of snort:
snort-2.9.6.1-1.x86_64
In /etc/snort/snort.conf
I added this and commented out the other lines:
output unified2: filename snort.u2, limit 128
If I try to start snort using the /etc/init.d/snortd script, it runs it as:
/usr/sbin/snort -A fast -b -d -D -i eth0 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
and I never see those snort u2 files; instead I see:
/var/log/snort/snort.log.xxxxxxxxxxx
and barnyard2 seems to have an issue with reading those files.
If I manually run snort from (/usr/sbin/snort -c /etc/snort/snort.conf)
without any options it then creates the right file type
/var/log/snort/snort.u2.xxxxxxxx
It is almost like it is not reading /etc/snort/snort.conf?
If anyone has any ideas that would be great.
Thanks
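
One way to confirm which format the files under /var/log/snort are in, as an added example that is not part of the original post: Snort's -b flag logs packets in tcpdump (pcap) format, which begins with a magic number, while a unified2 file is a sequence of records that each begin with a big-endian 4-byte type and 4-byte length. The function names and the set of record types checked are this example's own choices.

```shell
#!/bin/sh
# Added example: classify a Snort output file as pcap (tcpdump format)
# or unified2 by looking at its first 8 bytes.

# Print the first 8 bytes of file $1 as lowercase hex digits, no spaces.
head_hex() {
    od -An -tx1 -N8 "$1" | tr -d ' \n'
}

# Echo "pcap", "unified2" or "unknown" for the file named in $1.
snort_log_format() {
    hex=$(head_hex "$1")

    # pcap global header magic 0xa1b2c3d4, stored in either byte order.
    case "$hex" in
        d4c3b2a1*|a1b2c3d4*) echo pcap; return 0 ;;
    esac

    # Fewer than 8 bytes (for example an empty file): nothing to parse.
    [ "${#hex}" -eq 16 ] || { echo unknown; return 0; }

    # unified2 has no magic number; read the first record header instead.
    rtype=$((0x$(printf %s "$hex" | cut -c1-8)))
    rlen=$((0x$(printf %s "$hex" | cut -c9-16)))

    # Common unified2 record types: 2 packet, 7 IDS event, 72 IPv6 event,
    # 104/105 events with VLAN/MPLS fields, 110 extra data.
    case "$rtype" in
        2|7|72|104|105|110)
            if [ "$rlen" -gt 0 ]; then
                echo unified2
                return 0
            fi ;;
    esac
    echo unknown
}

# Usage: sh check_format.sh /var/log/snort/snort.log.* /var/log/snort/snort.u2.*
for f in "$@"; do
    printf '%s: %s\n' "$f" "$(snort_log_format "$f")"
done
```

A file reported as pcap is a packet capture written by the -b logging mode, not the output of the unified2 plugin configured in snort.conf.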