[Snort-users] Demand of snort output
evilsign at ...11827...
Wed Nov 12 21:49:27 EST 2014
I'm new to snort ...
Nowadays I have a demand which I cannot figure out...
I have a PF_RING & DNA ethernet interface with snort & barnyard. My
snort.conf output section is like this:
output unified2: filename merged.log, limit 128, mpls_event_types,
output log_tcpdump: tcpdump.log
Both merged.log and tcpdump.log only save items which hit rules
in snort.conf. But my demand is to output logs which hit rules in
snort.conf to merged.log, while outputting all traffic to tcpdump.log with file size
Is there a possible way I can do that?