
Snort mailing list archives
Re: Unified logging doesn't work.
From: "Steve Crow" <scrow () amarilloheartgroup com>
Date: Mon, 9 Jun 2014 16:16:36 -0500
In the /etc/sysconfig/snort file there is this:

#### General Configuration
# What interface should snort listen on? [Pick only 1 of the next 3!]
# This is -i {interface} on the command line
# This is the snort.conf config interface: {interface} directive
# INTERFACE=eth0
#
# The following two options are not directly supported on the command line
# or in the conf file and assume the same Snort configuration for all
# instances
#
# To listen on all interfaces use this:
#INTERFACE=ALL
#
# To listen only on given interfaces use this:
INTERFACE="eth0 eth1"
-----------------

I included the full text in a reply to Joel. I am considering changing this to ALL if Barnyard2 will work with a single unified file that covers more than one interface. We're not a high bandwidth operation, so I don't think I need to configure separate processes and configuration files for each interface.

Steve

-----Original Message-----
From: James Lay [mailto:jlay () slave-tothe-box net]
Sent: Monday, June 09, 2014 3:28 PM
To: snort-users () lists sourceforge net
Subject: Re: [Snort-users] Unified logging doesn't work.

On 2014-06-09 14:19, Steve Crow wrote:
I am having a similar issue. I am trying to monitor two interfaces. I have the snort.conf output setup like this:

output unified2: filename merged.log, limit 128,

But I have alert files showing up in each interface directory in plain text. The /etc/sysconfig/snort file seems to be controlling this, but I don't see an option for output using unified2 in the sysconfig/snort file, or for having a merged.log for both interfaces that I can monitor. Doing a search doesn’t reveal a merged.log either.

Thank you,
Steve
How are you monitoring both interfaces?

------------------------------------------------------------------------------
HPCC Systems Open Source Big Data Platform from LexisNexis Risk Solutions
Find What Matters Most in Your Big Data with HPCC Systems Open Source.
Fast. Scalable. Simple. Ideal for Dirty Data.
Leverages Graph Analysis for Fast Processing & Easy Data Exploration
http://p.sf.net/sfu/hpccsystems
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net
Go to this URL to change user options or unsubscribe:
https://lists.sourceforge.net/lists/listinfo/snort-users
Snort-users list archive:
http://sourceforge.net/mailarchive/forum.php?forum_name=snort-users
Please visit http://blog.snort.org to stay current on all the latest Snort news!
Current thread:
- Unified logging doesn't work. Hadri Rahman (Jun 05)
- Re: Unified logging doesn't work. Steve Crow (Jun 09)
- Re: Unified logging doesn't work. Joel Esler (jesler) (Jun 09)
- Re: Unified logging doesn't work. Steve Crow (Jun 09)
- Re: Unified logging doesn't work. James Lay (Jun 09)
- Re: Unified logging doesn't work. Steve Crow (Jun 09)
- Re: Unified logging doesn't work. James Lay (Jun 09)
- Re: Unified logging doesn't work. Steve Crow (Jun 09)
- Re: Unified logging doesn't work. James Lay (Jun 09)
- Re: Unified logging doesn't work. Steve Crow (Jun 10)
- Re: Unified logging doesn't work. James Lay (Jun 10)
- Re: Unified logging doesn't work. Steve Crow (Jun 11)
- Re: Unified logging doesn't work. James Lay (Jun 11)
- Re: Unified logging doesn't work. Joel Esler (jesler) (Jun 09)
- Re: Unified logging doesn't work. Steve Crow (Jun 09)