[Snort-users] Problem with unified2 files

wkitty42 at windstream.net wkitty42 at windstream.net
Thu May 10 10:32:29 EDT 2018

On 05/07/2018 10:57 PM, joseph m via Snort-users wrote:
> I have noticed that the unified2 files are zero length

if those log files are zero length then at least one of several things is wrong...

   1. your log config section in your conf file... please post it so we can see 
what you are trying to work with...

   2. your command line may be overriding your conf file settings... please post 
it so we can see what you are trying to work with... IF your command is 
executing a script, please post or point us to that script so we can see what it 
is doing... some scripts force some options...

   3. your snort may not be seeing any traffic... are you using "-k none" on 
your command line? give it a try and remember the script comment above... you 
can see if your snort is seeing any traffic by looking at the stats it logs when 
you shut it down... so find your snort log file... on linux, you would generally 
look in /var/log/messages and grep out the snort lines ("snort\[.*\]:")...

we can start there and see what other's may offer...

  NOTE: No off-list assistance is given without prior approval.
        *Please keep mailing list traffic on the list unless*
        *a signed and pre-paid contract is in effect with us.*

More information about the Snort-users mailing list