[Snort-users] Demand of snort output

XSign evilsign at ...11827...
Wed Nov 12 21:49:27 EST 2014

Hi there,
    I'm new to Snort ...
    Nowadays I have a demand which I cannot figure out...
    I have a PF_RING & DNA ethernet interface with snort & barnyard. My
snort.conf output section is like this:
    output unified2: filename merged.log, limit 128, mpls_event_types,
    output log_tcpdump: tcpdump.log
    Both merged.log and tcpdump.log only save items which hit rules
in snort.conf. But my demand is: output logs to merged.log which hit
rules in snort.conf, while outputting all traffic to tcpdump.log with file size
    Is there a possible way I can do that?