Hi there, I am having trouble trying to output the snort unified as snort.u2.xxxxxxxxxx.
When I set the snort output as
output alert_unified2: filename snort.u2, limit 128
output alert_fast: alert.log, limit 128, nostamp
snort will only generate a snort.log.xxxxxxxxxx and alert.
I have already commented out ALERTMODE and BINARY_LOG in /etc/sysconfig/snort and it still only generates snort.log.xxxxxxxxxx and alert.
What is wrong and how can I fix this?
Thanks!