Snort mailing list archives

can't log to merged.log file in unified2 format in Version 2.9.9.0


From: "Berndt, Achim" <aberndt () studio-hamburg de>
Date: Mon, 10 Apr 2017 09:58:48 +0000

Hello,

I have a problem activating logging to a merged.log file in unified2 format,
but not with the separate logfiles snort.alert and snort.u2?!
It worked with the same config in Version 2.9.8.3 with no problems.
Snort is started with the following options:

    /usr/sbin/snort -d -D -i eth4 -u snort -g snort -c /etc/snort/snort.conf -l /var/log/snort

Config setup for the merged logfile:

    output unified2: filename merged.u2, limit 128, nostamp

  -> generates 2 files (alert, snort.log.timestamp) in pcap format

Config for the separate logfiles:

    output alert_unified2: filename snort.alert, limit 128, nostamp

    output log_unified2: filename snort.u2, limit 128, nostamp

  -> generates 2 files (snort.alert, snort.u2) in unified2 format

Any ideas?

Regards
Achim
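The distinction the post turns on, a log file written as pcap versus as unified2 records, can be checked from the first bytes of the file. The following is an added example, not Snort's code and not the poster's, that classifies a log body and walks its unified2 records over constructed sample data; the record type numbers are the ones from Snort's Unified2_common.h, and the sample buffers are constructed here.

```python
import struct

# pcap global-header magic values (little/big-endian, microsecond and nanosecond variants)
PCAP_MAGICS = {b"\xa1\xb2\xc3\xd4", b"\xd4\xc3\xb2\xa1", b"\xa1\xb2\x3c\x4d", b"\x4d\x3c\xb2\xa1"}

# unified2 record types as numbered in Snort's Unified2_common.h
U2_TYPES = {2: "PACKET", 7: "IDS_EVENT", 72: "IDS_EVENT_IPV6", 104: "IDS_EVENT_VLAN",
            105: "IDS_EVENT_IPV6_VLAN", 110: "EXTRA_DATA"}

def sniff_format(data: bytes) -> str:
    """Classify a log file body as 'pcap', 'unified2' or 'unknown' from its leading bytes."""
    if data[:4] in PCAP_MAGICS:
        return "pcap"
    if len(data) >= 8:
        rtype, rlen = struct.unpack("!II", data[:8])  # unified2 record headers are big-endian
        if rtype in U2_TYPES and 8 + rlen <= len(data):
            return "unified2"
    return "unknown"

def walk_unified2(data: bytes) -> list:
    """Return the record type names in a unified2 buffer; stop at a truncated trailing record."""
    names, off = [], 0
    while off + 8 <= len(data):
        rtype, rlen = struct.unpack_from("!II", data, off)
        if off + 8 + rlen > len(data):
            break  # truncated record, e.g. a file Snort is still writing
        names.append(U2_TYPES.get(rtype, f"type_{rtype}"))
        off += 8 + rlen
    return names

def u2_packet_record(payload: bytes) -> bytes:
    """Build a constructed UNIFIED2_PACKET record: 28-byte packet header plus raw packet bytes."""
    # sensor_id, event_id, event_second, packet_second, packet_microsecond, linktype, packet_length
    body = struct.pack("!IIIIIII", 1, 1, 0, 0, 0, 1, len(payload)) + payload
    return struct.pack("!II", 2, len(body)) + body

# Constructed samples: a pcap global header, and an IDS_EVENT record followed by a PACKET record.
SAMPLE_PCAP = b"\xd4\xc3\xb2\xa1" + struct.pack("<HHiIII", 2, 4, 0, 0, 65535, 1)
SAMPLE_U2 = struct.pack("!II", 7, 52) + b"\x00" * 52 + u2_packet_record(b"\x00" * 14)

if __name__ == "__main__":
    print(sniff_format(SAMPLE_PCAP), sniff_format(SAMPLE_U2), walk_unified2(SAMPLE_U2))
```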
_______________________________________________
Snort-users mailing list
Snort-users () lists sourceforge net