[Snort-users] can't log to merged.log file in unified2 format in Version 126.96.36.199
aberndt at ...15761...
Mon Apr 10 05:58:48 EDT 2017
I have a problem activating logging to the merged.log file in unified2 format,
but not with separate logfiles snort.alert and snort.u2?!
It worked with the same config in Version 188.8.131.52 with no problems.
Snort started with the following options:
- /usr/sbin/snort -d -D -i eth4 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
Config setup for merged logfile:
- output unified2: filename merged.u2, limit 128, nostamp
- generates 2 files (alert, snort.log.timestamp) in pcap format
Config for separate logfiles:
- output alert_unified2: filename snort.alert, limit 128, nostamp
- output log_unified2: filename snort.u2, limit 128, nostamp
- generates 2 files (snort.alert, snort.u2) in unified2 format
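One way to confirm which format a file under /var/log/snort really contains, as with the pcap versus unified2 files reported above (an added example, not part of the original post): pcap files start with a fixed magic number, while unified2 files are a sequence of records, each with a 4-byte big-endian type and length. The function names and the sample bytes are constructed for illustration.

```python
import struct

# pcap global-header magics: microsecond and nanosecond variants, both byte orders
PCAP_MAGICS = {b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1",
               b"\xa1\xb2\x3c\x4d", b"\x4d\x3c\xb2\xa1"}

# Subset of unified2 record type codes used by Snort 2.9.x
U2_TYPES = {2: "packet", 7: "event", 72: "event_ip6",
            104: "event_vlan", 105: "event_ip6_vlan", 110: "extra_data"}


def walk_unified2(data: bytes) -> list:
    """Return the record type names if data parses as unified2 records, else []."""
    records, off = [], 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from(">II", data, off)
        if rtype not in U2_TYPES:
            return []            # unknown type code: not a unified2 stream
        if off + 8 + rlen > len(data):
            break                # last record still being written by Snort
        records.append(U2_TYPES[rtype])
        off += 8 + rlen
    return records


def classify(data: bytes) -> str:
    """Classify a log file's bytes as 'pcap', 'unified2' or 'unknown'."""
    if data[:4] in PCAP_MAGICS:
        return "pcap"
    return "unified2" if walk_unified2(data) else "unknown"


# Constructed samples: headers are well-formed, payloads are zero-filled placeholders.
SAMPLE_PCAP = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
SAMPLE_U2 = (struct.pack(">II", 7, 52) + bytes(52)      # one event record
             + struct.pack(">II", 2, 88) + bytes(88))   # one packet record

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:   # e.g. /var/log/snort/merged.u2
        with open(path, "rb") as fh:
            print(path, classify(fh.read()))
```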