[Snort-users] Unified logging doesn't work.

James Lay jlay at ...13475...
Wed Jun 11 15:05:38 EDT 2014


On Wed, 2014-06-11 at 09:02 -0500, Steve Crow wrote:

> CentOS6.5
> 
> Sorry for the mention of sourceforge, no idea why I put that in there, I meant snort.org.
> 
> Thank you!
> 
> Steve
> 
> -----Original Message-----
> From: James Lay [mailto:jlay at ...13475...] 
> Sent: Tuesday, June 10, 2014 5:46 PM
> To: snort-users at lists.sourceforge.net
> Subject: Re: [Snort-users] Unified logging doesn't work.
> 
> On 2014-06-10 16:43, Steve Crow wrote:
> > I don’t question that your command works, my question has to do with 
> > having snort start at boot. The recommended install docs at 
> > > sourceforge use /etc/init.d/snortd and /etc/sysconfig/snort files. But
> > > they are not designed for unified output as far as I can tell.
> >
> > If I go with your command, where do I place it to have snort 
> > automatically start up at boot time?
> >
> > Thanks again!
> >
> > Steve
> 
> >
> > Well...I don't recognize the sysconfig file but I can tell you that:
> >
> > snort --daq afpacket --daq-mode passive -i eth0:eth1
> >
> > > Works like a champ and creates only one unified file.
> >
> > James
> >
> > Currently my /etc/rc.local....but I did my own setup. This is just 
> > straight command line.
> >
> > James
> 
> Ah...I understand now.  What distro are you running?
> 
> James
> 


Ah....I am not familiar with CentOS....certain somebody here has an
idea :)

James
