Home page logo

snort logo Snort mailing list archives

Re: snort, barnyard, and base
From: waldo kitty <wkitty42 () windstream net>
Date: Thu, 30 May 2013 14:26:35 -0400

On 5/29/2013 23:18, beenph wrote:
On Wed, May 29, 2013 at 7:55 PM, waldo kitty<wkitty42 () windstream net>  wrote:
On 5/29/2013 13:26, beenph wrote:
remove -b  from snort command line, this is binary logging and will
overwride your snort.conf output unified2 configuration.

Binary logging will output log in pcap format.

erk! is there no way to retain the default binary logging and have unified2 as
well? is the answer simply to define both in the conf and forego the command
line options?

output tcpdump: xxxxx
output unified2: xxxxxx

So yes and use different file prefix, but at this point, the packets
triggered from events and
tagged packets are in the unified2 file if you use output unified2.

thank you for your response... it helps to move further along with another 

You can also allways uses the tool that come with snort source called
u2boat to create pcap files from unified2 files.

yeah, that's not gonna fly with this other project... at least not for a while 
yet... possibly... maybe...

NOTE: No off-list assistance is given without prior approval.
       Please keep mailing list traffic on the list unless
       private contact is specifically requested and granted.

Introducing AppDynamics Lite, a free troubleshooting tool for Java/.NET
Get 100% visibility into your production application - at no cost.
Code-level diagnostics for performance bottlenecks with <2% overhead
Download for free and get started troubleshooting in minutes.
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
Snort-users list archive:

Please visit http://blog.snort.org to stay current on all the latest Snort news!

  By Date           By Thread  

Current thread:
[ Nmap | Sec Tools | Mailing Lists | Site News | About/Contact | Advertising | Privacy ]