[Snort-users] Unified 2 not working. I need help.

Matthew White on3moda at ...11827...
Fri Jan 22 15:33:59 EST 2016


1. The specified unified 2 log is not being created.
2. Instead I get the snort.log.date (tcpdump) default and alerts.
3. snort.conf - output unified2: filename internal.u2, limit 128, vlan_event_types
4. running snort with sudo /usr/local/bin/snort -D -q -i eth3 -F /etc/snort/internalbpf.filter -c /usr/src/snort-2.9.8.0/etc/snort.conf.internal -u snort
5. No errors or warnings when grep from /var/log/messages
6. Running RHEL 6
7. Installed and compiled from source
8. Snort has rwx for /var/log/snort
9. Deleted all logs
10. Since this was installed from a tarball no file /etc/sysconfig/snort
exists.
11. tail -f alerts and snort.log are working great.
12. Manually made /etc/sysconfig/snort with the following with no success
as well.

# /etc/sysconfig/snort
# $Id:
#### General Configuration
INTERFACE=eth2
CONF=/(Path to)/snort.conf
USER=snort
GROUP=snort
PASS_FIRST=0
#### Logging & Alerting
LOGDIR=/var/log/snort
ALERTMODE=fast
DUMP_APP=1
BINARY_LOG=1
NO_PACKET_LOG=0
PRINT_INTERFACE=0
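Added example, not code from the original post or from the Snort project: a minimal reader for the unified2 file the `output unified2:` line above is supposed to produce. If the output plugin is active, the records it writes start with an 8-byte big-endian header (type, length) followed by the record body; with `vlan_event_types` set, IDS events are written as type 104 (VLAN/MPLS-aware) rather than the legacy type 7, and each alert is normally followed by a type 2 packet record. The field layouts follow the Snort unified2 header definitions; the sample bytes, the `build_sample`/`parse_unified2`/`summarize` names and the addresses and rule IDs in them are constructed here for illustration and are not from the original message.

```python
"""Minimal reader for Snort unified2 output files (e.g. internal.u2.<unix_time>).

Added example; not code from the original post or from the Snort project.
Layouts follow Snort's Unified2_common.h: every record is an 8-byte
big-endian header (type, length) followed by `length` bytes of body.
"""
import socket
import struct
import sys
from dataclasses import dataclass
from typing import List

UNIFIED2_PACKET = 2            # packet that triggered the preceding event
UNIFIED2_IDS_EVENT = 7         # legacy IPv4 event (no VLAN/MPLS fields)
UNIFIED2_IDS_EVENT_VLAN = 104  # IPv4 event written when vlan_event_types is set

_HDR_FMT = "!II"
_EVENT_FMT = "!11I2H4B"          # type 7:  52-byte body
_EVENT_VLAN_FMT = "!11I2H4BIHH"  # type 104: 60-byte body (adds mpls_label, vlanId, pad)
_PACKET_FMT = "!7I"              # type 2:  28-byte fixed part, then packet bytes

_EVENT_FIELDS = ("sensor_id", "event_id", "event_second", "event_microsecond",
                 "signature_id", "generator_id", "signature_revision",
                 "classification_id", "priority_id", "ip_source", "ip_destination",
                 "sport_itype", "dport_icode", "protocol", "impact_flag", "impact", "blocked")
_VLAN_FIELDS = _EVENT_FIELDS + ("mpls_label", "vlan_id", "pad")
_PACKET_FIELDS = ("sensor_id", "event_id", "event_second", "packet_second",
                  "packet_microsecond", "linktype", "packet_length")


@dataclass
class Record:
    rtype: int
    fields: dict
    payload: bytes = b""  # raw packet bytes for type 2, raw body for unknown types


def _ipv4(n: int) -> str:
    return socket.inet_ntoa(struct.pack("!I", n))


def parse_unified2(data: bytes) -> List[Record]:
    """Walk the record stream; stop cleanly at a truncated tail (Snort may be mid-write)."""
    records: List[Record] = []
    off = 0
    while off + 8 <= len(data):
        rtype, length = struct.unpack_from(_HDR_FMT, data, off)
        body = data[off + 8: off + 8 + length]
        if len(body) < length:
            break  # incomplete final record: nothing more to read yet
        off += 8 + length
        if rtype == UNIFIED2_IDS_EVENT:
            records.append(Record(rtype, dict(zip(_EVENT_FIELDS, struct.unpack_from(_EVENT_FMT, body)))))
        elif rtype == UNIFIED2_IDS_EVENT_VLAN:
            records.append(Record(rtype, dict(zip(_VLAN_FIELDS, struct.unpack_from(_EVENT_VLAN_FMT, body)))))
        elif rtype == UNIFIED2_PACKET:
            fields = dict(zip(_PACKET_FIELDS, struct.unpack_from(_PACKET_FMT, body)))
            records.append(Record(rtype, fields, body[28:28 + fields["packet_length"]]))
        else:
            records.append(Record(rtype, {}, body))  # IPv6/extra-data records: kept raw here
    return records


def summarize(records: List[Record]) -> List[str]:
    """One human-readable line per record, alert-fast style."""
    out = []
    for r in records:
        f = r.fields
        if r.rtype in (UNIFIED2_IDS_EVENT, UNIFIED2_IDS_EVENT_VLAN):
            line = (f"[{f['generator_id']}:{f['signature_id']}:{f['signature_revision']}] "
                    f"{_ipv4(f['ip_source'])}:{f['sport_itype']} -> "
                    f"{_ipv4(f['ip_destination'])}:{f['dport_icode']} proto={f['protocol']}")
            if r.rtype == UNIFIED2_IDS_EVENT_VLAN:
                line += f" vlan={f['vlan_id']}"
            out.append(line)
        elif r.rtype == UNIFIED2_PACKET:
            out.append(f"  packet event_id={f['event_id']} len={f['packet_length']} linktype={f['linktype']}")
    return out


def build_sample() -> bytes:
    """Constructed sample stream: one type-104 event plus its type-2 packet record."""
    src = struct.unpack("!I", socket.inet_aton("10.0.0.5"))[0]
    dst = struct.unpack("!I", socket.inet_aton("192.168.1.10"))[0]
    ev = struct.pack(_EVENT_VLAN_FMT,
                     1, 42, 1453498439, 0,     # sensor_id, event_id, event_second, usec
                     1000001, 1, 3,            # signature_id, generator_id, revision
                     3, 2,                     # classification_id, priority_id
                     src, dst, 51234, 22,      # ip_source, ip_destination, sport, dport
                     6, 0, 0, 0,               # protocol=TCP, impact_flag, impact, blocked
                     0, 100, 0)                # mpls_label, vlan_id, pad
    pkt = bytes.fromhex("deadbeef")           # stand-in for the captured frame
    pk = struct.pack(_PACKET_FMT, 1, 42, 1453498439, 1453498439, 0, 1, len(pkt)) + pkt
    return (struct.pack(_HDR_FMT, UNIFIED2_IDS_EVENT_VLAN, len(ev)) + ev
            + struct.pack(_HDR_FMT, UNIFIED2_PACKET, len(pk)) + pk)


if __name__ == "__main__":
    # usage: python u2read.py /var/log/snort/internal.u2.1453498439   (no arg: built-in sample)
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample()
    print("\n".join(summarize(parse_unified2(data))))
```

Two checks this makes easy: the unified2 plugin never creates a bare `internal.u2`; it appends a Unix timestamp to the configured filename, so look for `internal.u2.<digits>` in the log directory before concluding nothing was written. And the `-c` file actually passed on the command line is the only one whose `output` lines matter, so the `output unified2:` line has to be in that file, not in a differently named snort.conf. `/etc/sysconfig/snort` is read only by the RPM init script, so editing it has no effect on a Snort started by hand as above.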