snort-users May 2008 archive

[Snort-users] 2.8.1 or 2.8.2rc1: cannot configure custom output

From: Philippe Strauss <philou_at_nospam>
Date: Fri May 09 2008 - 15:33:19 GMT
To: snort-users@lists.sourceforge.net


Hello snort users,

Using those 2 snort versions, I cannot figure out how to make the following types of output work:

# DEFAULT in vanilla config: works
#output alert_syslog: LOG_AUTH LOG_ALERT
# DOESNT WORKS: still log in auth
#output alert_syslog: log_local7 log_info

# DOESNT WORKS: still logs via syslog in auth
#output alert_unified: filename snort.alert, limit 128
# WORKS
#output log_unified: filename snort.log, limit 128

# DOESNT WORKS
#output unified2: filename snort.u2
#output log_unified2: filename snort.lu2
#output alert_unified: filename snort.au

# DOESNT WORKS
output alert_csv: snort.csv msg,proto,timestamp,src,srcport,dst,dstport

# WORKS
output log_unified: filename snort.lu

The rest of my config is like the example shipped in the tarball, except for the $HOME networks list and the rules path.

What am I missing?
TIA
--
Philippe Strauss philou@philou.ch