[Snort-users] can't log to merged.log file in unified2 format in Version 2.9.9.0

Berndt, Achim aberndt at ...15761...
Mon Apr 10 05:58:48 EDT 2017


Hello,

I have a problem activating logging to a merged.log file in unified2 format,
but not with the separate logfiles snort.alert and snort.u2?!
It worked with the same config in Version 2.9.8.3 with no problems.
Snort is started with the following options:

- /usr/sbin/snort -d -D -i eth4 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort
Config setup for merged logfile:

- output unified2: filename merged.u2, limit 128, nostamp

-> generates 2 files (alert, snort.log.timestamp) in pcap format
Config for separated logfiles:

- output alert_unified2: filename snort.alert, limit 128, nostamp

- output log_unified2: filename snort.u2, limit 128, nostamp

-> generates 2 files (snort.alert, snort.u2) in unified2 format
Any ideas?

Regards
Achim
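A quick check for the situation above, added here and not part of the original post: a Python script that tells a pcap-format log from a unified2 one by its leading bytes and counts the record types in a unified2 file. It assumes the unified2 record layout from Snort's Unified2_common.h (big-endian 4-byte type and 4-byte length per record, 52-byte IDS event body, 28-byte packet header) and embeds constructed sample records rather than reading a real file.

```python
import struct

# Unified2 record types from Snort's Unified2_common.h (the ones a plain IDS run emits)
RECORD_NAMES = {
    2: "PACKET", 7: "IDS_EVENT", 72: "IDS_EVENT_IPV6",
    104: "IDS_EVENT_VLAN", 105: "IDS_EVENT_IPV6_VLAN", 110: "EXTRA_DATA",
}
# libpcap magic numbers (both byte orders, microsecond and nanosecond) plus pcapng
PCAP_MAGICS = {b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1",
               b"\xa1\xb2\x3c\x4d", b"\x4d\x3c\xb2\xa1", b"\x0a\x0d\x0d\x0a"}

def iter_records(data):
    """Yield (type, body) per unified2 record: 4-byte type, 4-byte length, body (big-endian)."""
    off = 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack(">II", data[off:off + 8])
        body = data[off + 8:off + 8 + rlen]
        if len(body) != rlen:
            raise ValueError(f"truncated unified2 record at offset {off}")
        yield rtype, body
        off += 8 + rlen

def classify(data):
    """Return 'pcap', 'unified2', 'empty' or 'unknown' judged from the first bytes."""
    if not data:
        return "empty"
    if data[:4] in PCAP_MAGICS:
        return "pcap"
    if len(data) >= 8:
        rtype, rlen = struct.unpack(">II", data[:8])
        if rtype in RECORD_NAMES and rlen <= len(data) - 8:
            return "unified2"
    return "unknown"

def summarize(data):
    """Count unified2 records per type; raises ValueError on a truncated file."""
    counts = {}
    for rtype, _ in iter_records(data):
        name = RECORD_NAMES.get(rtype, f"type_{rtype}")
        counts[name] = counts.get(name, 0) + 1
    return counts

# Constructed sample: two 52-byte IDS_EVENT bodies around one PACKET record whose 28-byte
# header is sensor id, event id, event sec, pkt sec, pkt usec, linktype (1 = Ethernet), length.
def _event(sig_id):
    return struct.pack(">11I2H4B", 1, 1, 0, 0, sig_id, 1, 1, 0, 3,
                       0x0A000001, 0x0A000002, 1234, 80, 6, 0, 0, 0)
FRAME = bytes(60)                                   # dummy 60-byte Ethernet frame
PACKET = struct.pack(">7I", 1, 1, 0, 0, 0, 1, len(FRAME)) + FRAME
SAMPLE_U2 = (struct.pack(">II", 7, 52) + _event(1000001)
             + struct.pack(">II", 2, len(PACKET)) + PACKET
             + struct.pack(">II", 7, 52) + _event(1000002))
```

Run `classify()` and `summarize()` on the bytes of each file Snort wrote to see whether it is really unified2 and what it contains.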
