[Snort-users] Demand of snort output

XSign evilsign at ...11827...
Wed Nov 12 21:49:27 EST 2014


Hi there,
    I'm new to Snort ...
    Nowadays I have a demand which I cannot figure out...
    I have a PF_RING & DNA ethernet interface with snort & barnyard. My
snort.conf output section is like this:
    output unified2: filename merged.log, limit 128, mpls_event_types, vlan_event_types
    output log_tcpdump: tcpdump.log
    Both merged.log and tcpdump.log only save items which hit rules
in snort.conf. But my demand is to output logs which hit rules in
snort.conf to merged.log, while outputting all traffic to tcpdump.log
with a file size limit.
    Is there a possible way I can do that?